yes I did it but in safe mode I don't know if this matters
should I restart everything ?
here is frst scan
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by Christian (administrator) on PC-DE-CHRISTIAN on 24-01-2015 13:53:31
Running from C:\Users\Christian\Desktop
Loaded Profiles: Christian (Available profiles: Christian)
Platform: Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86) OS Language: Français (France)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-31] (Synaptics, Inc.)
HKLM\...\Run: [LaunchAp] => C:\Program Files\Launch Manager\LaunchAp.exe [32768 2007-09-01] ()
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [188416 2007-09-06] (Wistron)
HKLM\...\Run: [CtrlVol] => "C:\Program Files\Launch Manager\CtrlVol.exe"
HKLM\...\Run: [LMgrOSD] => C:\Program Files\Launch Manager\OSD.exe [180224 2006-12-26] (Wistron Corp.)
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [86016 2007-09-07] (Wistron)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-07] (Google)
HKLM\...\Run: [toolbar_eula_launcher] => C:\Program Files\GoogleEULA\EULALauncher.exe [16896 2007-02-09] ( )
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [112216 2007-02-22] (McAfee, Inc.)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\UdaterUI.exe [136768 2006-12-19] (McAfee, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe [483144 2007-08-17] (Corel, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-02] (Google Inc.)
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104288 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
ShortcutTarget: Scanner Finder.lnk -> C:\Program Files\ScanWizard 5\ScannerFinder.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
ShortcutTarget: OneNote 2007 - Capture d'écran et lancement.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2124871150-1497044009-3645244258-1000: vasco.com/VascoCardReaderPlugin -> C:\Users\Christian\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll (VASCO Data Security)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2008-11-08]
FF Extension: SpecialSavings - C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\
[email protected] [2013-03-25]
FF HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Firefox\Extensions: [
[email protected]] - C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\
[email protected]
Chrome:
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-390&v=a9396-117&t=4
CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-390&v=a9396-117&t=4"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\UtilityChest_49\bar\1.bin\NP49Stub.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll No File
CHR Plugin: (3DVIA player) - C:\Program Files\Virtools\3D Life Player\npvirtools.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14]
CHR Extension: (My Scrap Nook) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf [2015-01-20]
CHR Extension: (Google Wallet) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 DMService; C:\Windows\Downloaded Program Files\DMService.exe [423576 2009-02-24] (Whale Communications, a Microsoft subsidiary)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-07] (Google)
S2 gupdate1ca0724da638462; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [104000 2006-12-19] (McAfee, Inc.)
S2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [144960 2007-02-22] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [54872 2007-02-22] (McAfee, Inc.)
S2 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
S2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2008-01-15] (Wistron Corp.) [File not signed]
S2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 GrabsterSeries.X86; C:\Windows\System32\DRIVERS\GrabsterSeries.X86.SYS [316224 2010-01-22] ()
S1 Hotkey; C:\Windows\system32\Drivers\Hotkey.sys [9867 2003-04-28] () [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-21] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [64360 2006-11-30] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [72264 2006-11-30] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [34152 2006-11-30] (McAfee, Inc.)
S3 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [170408 2007-02-22] (McAfee, Inc.)
S1 mferkdk; C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [31944 2006-11-30] (McAfee, Inc.)
R0 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [52136 2006-11-30] (McAfee, Inc.)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH)
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210736 2007-06-01] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-05-25] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12464 2007-05-25] (Silicon Image, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-24] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-24 13:53 - 2015-01-24 13:53 - 00000000 ____D () C:\Users\Christian\Desktop\FRST-OlderVersion
2015-01-24 13:15 - 2015-01-24 13:25 - 00000000 ____D () C:\ComboFix
2015-01-23 20:01 - 2015-01-23 20:01 - 00000000 ____D () C:\found.002
2015-01-22 22:04 - 2015-01-24 13:35 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-22 22:04 - 2015-01-22 22:04 - 15431256 _____ () C:\Users\Christian\Desktop\RogueKiller.exe
2015-01-22 22:04 - 2015-01-22 22:04 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-21 18:20 - 2015-01-24 13:53 - 00011507 _____ () C:\Users\Christian\Desktop\FRST.txt
2015-01-21 18:20 - 2015-01-21 18:21 - 00030065 _____ () C:\Users\Christian\Desktop\Addition.txt
2015-01-21 18:07 - 2015-01-21 18:07 - 00000000 ____D () C:\Windows\erdnt
2015-01-21 18:07 - 2015-01-21 18:07 - 00000000 ____D () C:\Qoobox
2015-01-21 18:07 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-21 18:07 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-21 18:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-21 18:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-21 18:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-21 18:07 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-21 18:07 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-21 18:07 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-21 17:32 - 2015-01-23 20:37 - 05609462 ____R (Swearware) C:\Users\Christian\Desktop\ComboFix.exe
2015-01-21 17:29 - 2015-01-21 17:29 - 02126848 _____ (Farbar) C:\Users\Christian\Downloads\FRST64 (1).exe
2015-01-20 23:09 - 2015-01-20 23:09 - 01118208 _____ (Farbar) C:\Users\Christian\Downloads\FRST (2).exe
2015-01-20 21:28 - 2015-01-20 21:29 - 00030556 _____ () C:\Users\Christian\Downloads\Addition.txt
2015-01-20 21:27 - 2015-01-20 21:29 - 00034049 _____ () C:\Users\Christian\Downloads\FRST.txt
2015-01-20 21:26 - 2015-01-24 13:53 - 01120768 _____ (Farbar) C:\Users\Christian\Desktop\FRST.exe
2015-01-20 21:26 - 2015-01-24 13:53 - 00000000 ____D () C:\FRST
2015-01-20 21:26 - 2015-01-20 21:26 - 01118208 _____ (Farbar) C:\Users\Christian\Downloads\FRST (1).exe
2015-01-20 20:58 - 2015-01-20 20:59 - 02126848 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2015-01-20 20:58 - 2015-01-20 20:58 - 00018112 _____ () C:\Users\Christian\Downloads\téléchargement.htm
2015-01-20 20:54 - 2015-01-20 20:54 - 00000000 ____D () C:\_OTL
2015-01-20 19:23 - 2015-01-20 19:23 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\6BCB7B62.sys
2015-01-18 22:53 - 2015-01-24 11:34 - 00129667 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 22:50 - 2015-01-24 10:37 - 00049894 _____ () C:\Windows\PFRO.log
2015-01-18 22:46 - 2015-01-18 22:46 - 00063578 _____ () C:\Users\Christian\Desktop\Extras.Txt
2015-01-18 22:45 - 2015-01-20 19:41 - 00067698 _____ () C:\Users\Christian\Desktop\OTL.Txt
2015-01-18 22:15 - 2015-01-18 22:09 - 00602112 _____ (OldTimer Tools) C:\Users\Christian\Desktop\OTL.exe
2015-01-18 21:57 - 2015-01-21 21:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 21:54 - 2015-01-18 21:54 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-18 21:54 - 2015-01-18 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-18 21:54 - 2015-01-18 21:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-18 21:54 - 2015-01-18 21:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-18 21:54 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-18 21:54 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-18 21:54 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-18 21:48 - 2015-01-18 21:36 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Christian\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-18 21:42 - 2015-01-18 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2015-01-18 21:42 - 2015-01-18 21:42 - 00000000 ____D () C:\Program Files\Canon
2015-01-18 13:22 - 2015-01-18 13:22 - 00000000 ____D () C:\found.001
2015-01-14 16:29 - 2015-01-14 16:29 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-28 09:41 - 2014-12-28 09:41 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\VASCO
2014-12-28 09:39 - 2014-12-28 09:39 - 02349664 _____ (VASCO Data Security) C:\Users\Christian\Downloads\VASCOSmartCardReaderPlugin (1).exe
2014-12-28 09:38 - 2014-12-28 09:38 - 00000000 ____D () C:\Users\Christian\AppData\Local\Package Cache
2014-12-28 09:37 - 2014-12-28 09:38 - 02349664 _____ (VASCO Data Security) C:\Users\Christian\Downloads\VASCOSmartCardReaderPlugin.exe
2014-12-28 09:15 - 2014-12-28 09:16 - 04339712 _____ () C:\Users\Christian\Downloads\coccole-di-mamma1.pps
2014-12-26 16:04 - 2014-12-26 16:04 - 00020142 _____ () C:\Users\Christian\Documents\josette+jm.tif
2014-12-26 16:01 - 2014-12-26 16:01 - 00013773 _____ () C:\Users\Christian\Documents\irène+jm.tif
2014-12-26 15:59 - 2014-12-26 15:59 - 00007554 _____ () C:\Users\Christian\Documents\odile 1.tif
2014-12-26 15:55 - 2014-12-26 15:55 - 00015931 _____ () C:\Users\Christian\Documents\yvette et jozette.tif
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-24 13:25 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-01-24 11:34 - 2013-02-28 14:02 - 00001002 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 11:05 - 2009-07-17 22:29 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 10:38 - 2009-07-17 22:29 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 10:38 - 2009-01-14 14:52 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\WTablet
2015-01-24 10:37 - 2012-04-28 19:57 - 00000394 _____ () C:\Windows\Tasks\Final Media Player Update Checker.job
2015-01-24 10:37 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-24 10:37 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 10:37 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-23 20:35 - 2008-01-21 09:41 - 01742966 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 20:08 - 2006-11-02 14:01 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-20 20:55 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Globalization
2015-01-20 20:25 - 2009-05-15 20:34 - 00000000 ____D () C:\QUARANTINE
2015-01-20 19:42 - 2013-05-30 14:21 - 00000000 ____D () C:\Program Files\Search Results Toolbar
2015-01-18 22:48 - 2013-07-28 17:32 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\SpeedAnalysis2
2015-01-18 22:36 - 2014-06-10 10:08 - 00000000 ____D () C:\ProgramData\BD4BB20635D3174C8E8D07497967FA8D
2015-01-18 21:16 - 2008-12-25 12:00 - 00000000 ____D () C:\Windows\Minidump
2015-01-05 17:14 - 2014-07-02 22:53 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-12-27 13:19 - 2009-05-06 17:48 - 00002687 _____ () C:\Users\Christian\Desktop\Microsoft Office Word 2007.lnk
2014-12-26 15:52 - 2013-01-31 11:56 - 00002581 _____ () C:\Users\Christian\Desktop\ABBYY FineReader 6.0 Sprint.lnk
==================== Files in the root of some directories =======
2009-05-25 22:57 - 2013-04-28 17:32 - 0000000 _____ () C:\Users\Christian\AppData\Roaming\Mallets
2009-01-08 23:18 - 2009-05-06 17:18 - 0001380 _____ () C:\Users\Christian\AppData\Roaming\wklnhst.dat
2008-10-25 17:18 - 2008-10-25 17:18 - 0000552 _____ () C:\Users\Christian\AppData\Local\d3d8caps.dat
2012-03-15 10:42 - 2014-07-11 21:09 - 0000680 _____ () C:\Users\Christian\AppData\Local\d3d9caps.dat
2008-11-06 17:54 - 2014-12-06 11:42 - 0120832 _____ () C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-06-05 14:00 - 2009-06-05 14:00 - 0000097 _____ () C:\Users\Christian\AppData\Local\fusioncache.dat
2011-04-06 22:52 - 2011-04-18 09:08 - 0009576 ___SH () C:\Users\Christian\AppData\Local\olralxi5ci8w
2014-03-26 18:08 - 2014-03-26 18:08 - 95027928 ____T () C:\ProgramData\7t87rjao.bbr
2013-04-28 17:32 - 2013-04-28 17:32 - 0000000 _____ () C:\ProgramData\Mail
2013-04-28 17:32 - 2013-04-28 17:32 - 0000000 _____ () C:\ProgramData\MAS
2011-04-06 22:52 - 2011-04-18 09:08 - 0009576 ___SH () C:\ProgramData\olralxi5ci8w
2009-05-25 22:57 - 2013-04-28 17:32 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\temp\catchme.dll
C:\Users\Christian\AppData\Local\temp\dllnt_dump.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-24 13:24
==================== End Of Log ============================