Geeks to Go
windows vista freezes after 2 minutes [Solved]


  • This topic is locked

#16 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)
Have you run Combofix yet (My post 10)? I'm not seeing the scan results?
  • 0



#17 bendevos (Member, Topic Starter, 29 posts)

Yes, but it seems it wasn't started as administrator. I got some errors during its run saying that it requires more privileges.

And I couldn't find the report in the end. I will try again, but right-clicking on it and running as admin doesn't do the trick.


  • 0

#18 bendevos (Member, Topic Starter, 29 posts)

I can't get a better result. What could I do now?

Thanks.


  • 0

#19 bendevos (Member, Topic Starter, 29 posts)

If I start in normal mode, I can launch ComboFix with admin rights... but it freezes at step 46 or nearby...


  • 0

#20 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)
That tells a story in itself. Let's see if this tool gives us additional clarity.

Fix with RogueKiller

Please re-run RogueKiller.

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.
  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Upon completion, the Delete button will become available. Click it.
  • The removal process may take some time. Your machine may also be restarted during this procedure. That's normal.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.
Please include the content of this logfile in your next reply.
  • 0

#21 bendevos (Member, Topic Starter, 29 posts)
RogueKiller V10.2.0.0 [Jan 19 2015] par Adlice Software
 
Système d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Démarré en  : Mode sans échec prise en charge réseau
Utilisateur : Christian [Administrateur]
Mode : Suppression -- Date : 01/22/2015  22:09:58
 
¤¤¤ Processus : 0 ¤¤¤
 
¤¤¤ Registre : 35 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1} -> Non sélectionné
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD (\SystemRoot\system32\drivers\afd.sys) -> Non sélectionné
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys) -> Non sélectionné
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys) -> Non sélectionné
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\catchme (\??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys) -> Non sélectionné
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> Non sélectionné
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> Non sélectionné
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> Non sélectionné
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> Non sélectionné
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> Non sélectionné
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7553252E-75D9-40C8-9C5F-F8D2F95454EC} | DhcpNameServer : 10.103.0.2 10.103.0.15 [(Private Address) (XX)][(Private Address) (XX)]  -> Non sélectionné
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7553252E-75D9-40C8-9C5F-F8D2F95454EC} | DhcpNameServer : 10.103.0.2 10.103.0.15 [(Private Address) (XX)][(Private Address) (XX)]  -> Non sélectionné
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7553252E-75D9-40C8-9C5F-F8D2F95454EC} | DhcpNameServer : 10.103.0.2 10.103.0.15 [(Private Address) (XX)][(Private Address) (XX)]  -> Non sélectionné
[PUM.StartMenu] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2  -> Non sélectionné
[PUM.StartMenu] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Non sélectionné
[PUM.StartMenu] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Non sélectionné
[PUM.StartMenu] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2  -> Non sélectionné
[PUM.StartMenu] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Non sélectionné
[PUM.StartMenu] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Non sélectionné
 
¤¤¤ Tâches : 0 ¤¤¤
 
¤¤¤ Fichiers : 1 ¤¤¤
[Rans.Gendarm][Fichier] program.lnk -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk [[email protected]] C:\Windows\system32\rundll32.exe C:\PROGRA~2\EF42F0E2.cpp,zSS1 -> Supprimé(e)
 
¤¤¤ Fichier Hosts : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Non chargé [0xc000035f]) ¤¤¤
 
¤¤¤ Navigateurs web : 0 ¤¤¤
 
¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVS-22UST0 +++++
--- User ---
[MBR] 5c7414884d5140b9f5ed283b90a503e7
[BSP] 559c0f7fad417c10161132f257fac8c9 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 212476 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 435152655 | Size: 25995 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! ([45d] Impossible de satisfaire à la demande en raison d'une erreur de périphérique d'E/S. )
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
 
 
============================================
RKreport_SCN_01222015_220832.log

  • 0

#22 bendevos (Member, Topic Starter, 29 posts)

I tried ComboFix again. It is still pending at step 49 (frozen).


  • 0

#23 Biscuithd (Trusted Helper, Malware Removal, 2,573 posts)

I'm highlighting a line below pertaining to the Delete functions. Are you certain that you performed those functions?

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the RogueKiller icon and select Run as Administrator to start the tool.
  • Wait patiently until the pre-scan is done. It shouldn't take more than 2-3 minutes.
  • Accept the Terms of use.
  • When the Scan button becomes available, please click it. RogueKiller will start a full scan.
  • Upon completion, the Delete button will become available. Click it.
  • The removal process may take some time. Your machine may also be restarted during this procedure. That's normal.
  • Let this process run uninterrupted!
  • When finished, a Report button will become available. Click it. You will be presented with a logfile.

Please include the content of this logfile in your next reply.


  • 0
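The question in the post above (did the Delete pass actually remove what RogueKiller listed?) can be answered mechanically from the report. Below is an added Python parser for the RogueKiller v10 report layout posted earlier in the thread; it is not part of the thread or of RogueKiller, the report text embedded in it is a constructed sample in the same layout (French UI strings), and the two status strings it maps to English are the only ones this thread shows. It splits the report into its sections, tallies detections by status, lists what was reported but not removed, and flags hosts-file lines other than the localhost default.

```python
import re
from collections import Counter

# Constructed sample in the RogueKiller v10 report layout seen in the thread
# (placeholder CLSID; the hosts entry is invented to exercise the check).
SAMPLE_REPORT = r"""RogueKiller V10.2.0.0 [Jan 19 2015] par Adlice Software

Système d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Démarré en  : Mode sans échec prise en charge réseau
Utilisateur : Christian [Administrateur]
Mode : Suppression -- Date : 01/22/2015  22:09:58

¤¤¤ Processus : 0 ¤¤¤

¤¤¤ Registre : 3 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000000} -> Non sélectionné
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys) -> Non sélectionné
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7553252E-75D9-40C8-9C5F-F8D2F95454EC} | DhcpNameServer : 10.103.0.2 10.103.0.15 [(Private Address) (XX)]  -> Non sélectionné

¤¤¤ Fichiers : 1 ¤¤¤
[Rans.Gendarm][Fichier] program.lnk -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\program.lnk -> Supprimé(e)

¤¤¤ Fichier Hosts : 2 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       update.example-av.invalid

¤¤¤ Antirootkit : 0 (Driver: Non chargé [0xc000035f]) ¤¤¤
"""

# "¤¤¤ <name> : <count> <extra> ¤¤¤"; count and extra are optional.
SECTION_RE = re.compile(r"^¤¤¤\s*(?P<name>[^:¤]+?)\s*:\s*(?P<count>\d+)?(?P<extra>[^¤]*)¤¤¤\s*$")
# "[Category][Kind] target -> status"; the [Kind] block only appears in file sections.
DETECTION_RE = re.compile(r"^\[(?P<category>[^\]]+)\](?:\[(?P<kind>[^\]]+)\])?\s*(?P<body>.*)$")
# "[<hosts path>] <ip> <hostname>"
HOSTS_RE = re.compile(r"^\[(?P<path>[^\]]+)\]\s+(?P<ip>\S+)\s+(?P<host>\S+)")

# Status strings as the French UI writes them in this thread; anything else is kept raw.
STATUS = {"Non sélectionné": "not_selected", "Supprimé(e)": "deleted"}


def parse_report(text):
    """Split a RogueKiller report into header fields and per-section detections."""
    report = {"header": {}, "sections": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()  # also drops the non-breaking spaces the tool emits
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group("name").strip()
            report["sections"][current] = {
                "declared": int(m.group("count")) if m.group("count") else None,
                "detections": [], "hosts": [], "raw": []}
            continue
        if current is None:
            # Header block: "Clé : valeur", sometimes two pairs joined by " -- ".
            for part in line.split(" -- "):
                if " : " in part:
                    key, value = part.split(" : ", 1)
                    report["header"][key.strip()] = value.strip()
            continue
        sec = report["sections"][current]
        if current == "Fichier Hosts":
            h = HOSTS_RE.match(line)
            if h:
                sec["hosts"].append((h.group("ip"), h.group("host")))
            continue
        d = DETECTION_RE.match(line)
        if d and " -> " in d.group("body"):
            # rsplit: the target itself may contain "->"-free but "|"- and ":"-rich text.
            target, status = d.group("body").rsplit(" -> ", 1)
            sec["detections"].append({
                "category": d.group("category"), "kind": d.group("kind"),
                "target": target.strip(), "status": STATUS.get(status.strip(), status.strip())})
        else:
            sec["raw"].append(line)  # MBR dump lines, driver notes, etc.
    return report


def section_summary(report):
    """Per section: declared count, parsed count and a histogram of statuses."""
    return {name: {"declared": sec["declared"], "parsed": len(sec["detections"]),
                   "by_status": dict(Counter(d["status"] for d in sec["detections"]))}
            for name, sec in report["sections"].items()}


def pending_detections(report):
    """Everything the tool reported but did not remove: the first thing to check
    when a report comes back after a supposed Delete run."""
    return [(name, d["category"], d["target"])
            for name, sec in report["sections"].items()
            for d in sec["detections"] if d["status"] != "deleted"]


def hosts_anomalies(report):
    """Hosts-file lines other than the localhost default."""
    sec = report["sections"].get("Fichier Hosts")
    if not sec:
        return []
    return [(ip, host) for ip, host in sec["hosts"]
            if host.lower() not in ("localhost", "localhost.localdomain")]


def triage(report):
    """One-look view of how the run was made and what is still outstanding."""
    return {"mode": report["header"].get("Mode"),
            "boot": report["header"].get("Démarré en"),
            "summary": section_summary(report),
            "pending": pending_detections(report),
            "hosts_anomalies": hosts_anomalies(report)}


if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```

On the sample, the file entry comes back as deleted while every registry item is still "not_selected", which is exactly the pattern the helper is asking the poster to double-check.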

#24 bendevos (Member, Topic Starter, 29 posts)

Yes, I did it, but in safe mode; I don't know if this matters.

Should I restart everything?

Here is the FRST scan.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by Christian (administrator) on PC-DE-CHRISTIAN on 24-01-2015 13:53:31
Running from C:\Users\Christian\Desktop
Loaded Profiles: Christian (Available profiles: Christian)
Platform: Microsoft® Windows Vista™ Édition Familiale Premium  Service Pack 2 (X86) OS Language: Français (France)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation)
HKLM\...\Run: [SynTPStart] => C:\Program Files\Synaptics\SynTP\SynTPStart.exe [102400 2007-08-31] (Synaptics, Inc.)
HKLM\...\Run: [LaunchAp] => C:\Program Files\Launch Manager\LaunchAp.exe [32768 2007-09-01] ()
HKLM\...\Run: [HotkeyApp] => C:\Program Files\Launch Manager\HotkeyApp.exe [188416 2007-09-06] (Wistron)
HKLM\...\Run: [CtrlVol] => "C:\Program Files\Launch Manager\CtrlVol.exe"
HKLM\...\Run: [LMgrOSD] => C:\Program Files\Launch Manager\OSD.exe [180224 2006-12-26] (Wistron Corp.)
HKLM\...\Run: [Wbutton] => C:\Program Files\Launch Manager\Wbutton.exe [86016 2007-09-07] (Wistron)
HKLM\...\Run: [Google Desktop Search] => C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-07] (Google)
HKLM\...\Run: [toolbar_eula_launcher] => C:\Program Files\GoogleEULA\EULALauncher.exe [16896 2007-02-09] ( )
HKLM\...\Run: [ShStatEXE] => C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [112216 2007-02-22] (McAfee, Inc.)
HKLM\...\Run: [McAfeeUpdaterUI] => C:\Program Files\McAfee\Common Framework\UdaterUI.exe [136768 2006-12-19] (McAfee, Inc.)
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Corel Photo Downloader] => C:\Program Files\Corel\Corel MediaOne\Corel Photo Downloader.exe [483144 2007-08-17] (Corel, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [616632 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-02-02] (Google Inc.)
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Run: [Adobe Reader Synchronizer] => C:\Program Files\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104288 2014-12-03] (Adobe Systems Incorporated)
HKU\S-1-5-18\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
ShortcutTarget: Scanner Finder.lnk -> C:\Program Files\ScanWizard 5\ScannerFinder.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK32.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
ShortcutTarget: OneNote 2007 - Capture d'écran et lancement.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...d=ie&ar=msnhome
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000 -> Live Search URL = http://search.live.c...-BE&FORM=MICJF2
SearchScopes: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000 -> {9D5BD211-422C-4164-9298-BB4186A30F31} URL = http://www.bing.com/...-FR&form=MOAWA1
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll (McAfee, Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-2124871150-1497044009-3645244258-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.micros...n/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} http://gfx1.hotmail....NPUpldfr-be.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://belgacom.extr...geUploader5.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {8D9563A9-8D5F-459B-87F2-BA842255CB9A} https://brains.sieme.../WhlCompMgr.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....NPUpldfr-be.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2124871150-1497044009-3645244258-1000: vasco.com/VascoCardReaderPlugin -> C:\Users\Christian\AppData\Roaming\VASCO\VascoCardReaderPlugin\3.2.3.4\npVascoCardReaderPlugin.dll (VASCO Data Security)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2008-11-08]
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\[email protected]
FF Extension: SpecialSavings - C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\[email protected] [2013-03-25]
FF HKU\S-1-5-21-2124871150-1497044009-3645244258-1000\...\Firefox\Extensions: [[email protected]] - C:\Users\Christian\AppData\Roaming\Mozilla\Extensions\[email protected]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-390&v=a9396-117&t=4
CHR StartupUrls: Default -> "hxxp://www.search.ask.com/?o=APN10645A&gct=hp&d=406-390&v=a9396-117&t=4"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\39.0.2171.95\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\UtilityChest_49\bar\1.bin\NP49Stub.dll No File
CHR Plugin: (MindSpark Toolbar Platform Plugin Stub) - C:\Program Files\VideoDownloadConverter_4z\bar\1.bin\NP4zStub.dll No File
CHR Plugin: (3DVIA player) - C:\Program Files\Virtools\3D Life Player\npvirtools.dll No File
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Profile: C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14]
CHR Extension: (My Scrap Nook) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnaghjfblmncnfgjddgelpkbhfdflicf [2015-01-20]
CHR Extension: (Google Wallet) - C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
 
========================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 DMService; C:\Windows\Downloaded Program Files\DMService.exe [423576 2009-02-24] (Whale Communications, a Microsoft subsidiary)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2010-09-07] (Google)
S2 gupdate1ca0724da638462; C:\Program Files\Google\Update\GoogleUpdate.exe [107912 2014-10-23] (Google Inc.)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
S2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [104000 2006-12-19] (McAfee, Inc.)
S2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [144960 2007-02-22] (McAfee, Inc.)
S2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [54872 2007-02-22] (McAfee, Inc.)
S2 MSSQL$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe [7520337 2002-12-17] (Microsoft Corporation) [File not signed]
S3 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe [66112 2002-12-17] (Microsoft Corporation) [File not signed]
S2 ProtexisLicensing; C:\Windows\system32\PSIService.exe [177704 2007-06-05] ()
S3 SQLAgent$SONY_MEDIAMGR; C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE [311872 2002-12-17] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)
S3 WisLMSvc; C:\Program Files\Launch Manager\WisLMSvc.exe [118784 2008-01-15] (Wistron Corp.) [File not signed]
S2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 GrabsterSeries.X86; C:\Windows\System32\DRIVERS\GrabsterSeries.X86.SYS [316224 2010-01-22] ()
S1 Hotkey; C:\Windows\system32\Drivers\Hotkey.sys [9867 2003-04-28] () [File not signed]
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-21] (Malwarebytes Corporation)
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [64360 2006-11-30] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [72264 2006-11-30] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [34152 2006-11-30] (McAfee, Inc.)
S3 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [170408 2007-02-22] (McAfee, Inc.)
S1 mferkdk; C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [31944 2006-11-30] (McAfee, Inc.)
R0 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [52136 2006-11-30] (McAfee, Inc.)
S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1131136 2007-04-03] (Philips Semiconductors GmbH)
S3 PhilCap; C:\Windows\System32\DRIVERS\PhilCap.sys [908896 2007-07-31] (NXP Semiconductors Germany GmbH)
R0 Si3531; C:\Windows\System32\DRIVERS\Si3531.sys [210736 2007-06-01] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17328 2007-05-25] (Silicon Image, Inc.)
R0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12464 2007-05-25] (Silicon Image, Inc.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-01-24] ()
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [45056 2012-12-13] (Apple, Inc.) [File not signed]
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys [X]
U3 mbr; \??\C:\ComboFix\mbr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-24 13:53 - 2015-01-24 13:53 - 00000000 ____D () C:\Users\Christian\Desktop\FRST-OlderVersion
2015-01-24 13:15 - 2015-01-24 13:25 - 00000000 ____D () C:\ComboFix
2015-01-23 20:01 - 2015-01-23 20:01 - 00000000 ____D () C:\found.002
2015-01-22 22:04 - 2015-01-24 13:35 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-22 22:04 - 2015-01-22 22:04 - 15431256 _____ () C:\Users\Christian\Desktop\RogueKiller.exe
2015-01-22 22:04 - 2015-01-22 22:04 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-21 18:20 - 2015-01-24 13:53 - 00011507 _____ () C:\Users\Christian\Desktop\FRST.txt
2015-01-21 18:20 - 2015-01-21 18:21 - 00030065 _____ () C:\Users\Christian\Desktop\Addition.txt
2015-01-21 18:07 - 2015-01-21 18:07 - 00000000 ____D () C:\Windows\erdnt
2015-01-21 18:07 - 2015-01-21 18:07 - 00000000 ____D () C:\Qoobox
2015-01-21 18:07 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-21 18:07 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-21 18:07 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-21 18:07 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-21 18:07 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-21 18:07 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-21 18:07 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-21 18:07 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-21 17:32 - 2015-01-23 20:37 - 05609462 ____R (Swearware) C:\Users\Christian\Desktop\ComboFix.exe
2015-01-21 17:29 - 2015-01-21 17:29 - 02126848 _____ (Farbar) C:\Users\Christian\Downloads\FRST64 (1).exe
2015-01-20 23:09 - 2015-01-20 23:09 - 01118208 _____ (Farbar) C:\Users\Christian\Downloads\FRST (2).exe
2015-01-20 21:28 - 2015-01-20 21:29 - 00030556 _____ () C:\Users\Christian\Downloads\Addition.txt
2015-01-20 21:27 - 2015-01-20 21:29 - 00034049 _____ () C:\Users\Christian\Downloads\FRST.txt
2015-01-20 21:26 - 2015-01-24 13:53 - 01120768 _____ (Farbar) C:\Users\Christian\Desktop\FRST.exe
2015-01-20 21:26 - 2015-01-24 13:53 - 00000000 ____D () C:\FRST
2015-01-20 21:26 - 2015-01-20 21:26 - 01118208 _____ (Farbar) C:\Users\Christian\Downloads\FRST (1).exe
2015-01-20 20:58 - 2015-01-20 20:59 - 02126848 _____ (Farbar) C:\Users\Christian\Downloads\FRST64.exe
2015-01-20 20:58 - 2015-01-20 20:58 - 00018112 _____ () C:\Users\Christian\Downloads\téléchargement.htm
2015-01-20 20:54 - 2015-01-20 20:54 - 00000000 ____D () C:\_OTL
2015-01-20 19:23 - 2015-01-20 19:23 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\6BCB7B62.sys
2015-01-18 22:53 - 2015-01-24 11:34 - 00129667 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 22:50 - 2015-01-24 10:37 - 00049894 _____ () C:\Windows\PFRO.log
2015-01-18 22:46 - 2015-01-18 22:46 - 00063578 _____ () C:\Users\Christian\Desktop\Extras.Txt
2015-01-18 22:45 - 2015-01-20 19:41 - 00067698 _____ () C:\Users\Christian\Desktop\OTL.Txt
2015-01-18 22:15 - 2015-01-18 22:09 - 00602112 _____ (OldTimer Tools) C:\Users\Christian\Desktop\OTL.exe
2015-01-18 21:57 - 2015-01-21 21:10 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-18 21:54 - 2015-01-18 21:54 - 00000903 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-18 21:54 - 2015-01-18 21:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-18 21:54 - 2015-01-18 21:54 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-18 21:54 - 2015-01-18 21:54 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-18 21:54 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-18 21:54 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-18 21:54 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-18 21:48 - 2015-01-18 21:36 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Christian\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-18 21:42 - 2015-01-18 21:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2015-01-18 21:42 - 2015-01-18 21:42 - 00000000 ____D () C:\Program Files\Canon
2015-01-18 13:22 - 2015-01-18 13:22 - 00000000 ____D () C:\found.001
2015-01-14 16:29 - 2015-01-14 16:29 - 00002425 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2014-12-28 09:41 - 2014-12-28 09:41 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\VASCO
2014-12-28 09:39 - 2014-12-28 09:39 - 02349664 _____ (VASCO Data Security) C:\Users\Christian\Downloads\VASCOSmartCardReaderPlugin (1).exe
2014-12-28 09:38 - 2014-12-28 09:38 - 00000000 ____D () C:\Users\Christian\AppData\Local\Package Cache
2014-12-28 09:37 - 2014-12-28 09:38 - 02349664 _____ (VASCO Data Security) C:\Users\Christian\Downloads\VASCOSmartCardReaderPlugin.exe
2014-12-28 09:15 - 2014-12-28 09:16 - 04339712 _____ () C:\Users\Christian\Downloads\coccole-di-mamma1.pps
2014-12-26 16:04 - 2014-12-26 16:04 - 00020142 _____ () C:\Users\Christian\Documents\josette+jm.tif
2014-12-26 16:01 - 2014-12-26 16:01 - 00013773 _____ () C:\Users\Christian\Documents\irène+jm.tif
2014-12-26 15:59 - 2014-12-26 15:59 - 00007554 _____ () C:\Users\Christian\Documents\odile 1.tif
2014-12-26 15:55 - 2014-12-26 15:55 - 00015931 _____ () C:\Users\Christian\Documents\yvette et jozette.tif
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-24 13:25 - 2006-11-02 11:23 - 00000215 _____ () C:\Windows\system.ini
2015-01-24 11:34 - 2013-02-28 14:02 - 00001002 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-24 11:05 - 2009-07-17 22:29 - 00001056 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-24 10:38 - 2009-07-17 22:29 - 00001052 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-24 10:38 - 2009-01-14 14:52 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\WTablet
2015-01-24 10:37 - 2012-04-28 19:57 - 00000394 _____ () C:\Windows\Tasks\Final Media Player Update Checker.job
2015-01-24 10:37 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-24 10:37 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-24 10:37 - 2006-11-02 13:47 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-23 20:35 - 2008-01-21 09:41 - 01742966 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-23 20:08 - 2006-11-02 14:01 - 00032566 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-20 20:55 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Globalization
2015-01-20 20:25 - 2009-05-15 20:34 - 00000000 ____D () C:\QUARANTINE
2015-01-20 19:42 - 2013-05-30 14:21 - 00000000 ____D () C:\Program Files\Search Results Toolbar
2015-01-18 22:48 - 2013-07-28 17:32 - 00000000 ____D () C:\Users\Christian\AppData\Roaming\SpeedAnalysis2
2015-01-18 22:36 - 2014-06-10 10:08 - 00000000 ____D () C:\ProgramData\BD4BB20635D3174C8E8D07497967FA8D
2015-01-18 21:16 - 2008-12-25 12:00 - 00000000 ____D () C:\Windows\Minidump
2015-01-05 17:14 - 2014-07-02 22:53 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-12-27 13:19 - 2009-05-06 17:48 - 00002687 _____ () C:\Users\Christian\Desktop\Microsoft Office Word 2007.lnk
2014-12-26 15:52 - 2013-01-31 11:56 - 00002581 _____ () C:\Users\Christian\Desktop\ABBYY FineReader 6.0 Sprint.lnk
 
==================== Files in the root of some directories =======
 
2009-05-25 22:57 - 2013-04-28 17:32 - 0000000 _____ () C:\Users\Christian\AppData\Roaming\Mallets
2009-01-08 23:18 - 2009-05-06 17:18 - 0001380 _____ () C:\Users\Christian\AppData\Roaming\wklnhst.dat
2008-10-25 17:18 - 2008-10-25 17:18 - 0000552 _____ () C:\Users\Christian\AppData\Local\d3d8caps.dat
2012-03-15 10:42 - 2014-07-11 21:09 - 0000680 _____ () C:\Users\Christian\AppData\Local\d3d9caps.dat
2008-11-06 17:54 - 2014-12-06 11:42 - 0120832 _____ () C:\Users\Christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-06-05 14:00 - 2009-06-05 14:00 - 0000097 _____ () C:\Users\Christian\AppData\Local\fusioncache.dat
2011-04-06 22:52 - 2011-04-18 09:08 - 0009576 ___SH () C:\Users\Christian\AppData\Local\olralxi5ci8w
2014-03-26 18:08 - 2014-03-26 18:08 - 95027928 ____T () C:\ProgramData\7t87rjao.bbr
2013-04-28 17:32 - 2013-04-28 17:32 - 0000000 _____ () C:\ProgramData\Mail
2013-04-28 17:32 - 2013-04-28 17:32 - 0000000 _____ () C:\ProgramData\MAS
2011-04-06 22:52 - 2011-04-18 09:08 - 0009576 ___SH () C:\ProgramData\olralxi5ci8w
2009-05-25 22:57 - 2013-04-28 17:32 - 0000000 ____H () C:\ProgramData\PKP_DLdu.DAT
 
Some content of TEMP:
====================
C:\Users\Christian\AppData\Local\temp\catchme.dll
C:\Users\Christian\AppData\Local\temp\dllnt_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-24 13:24
 
==================== End Of Log ============================

  • 0

#25
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Yes, restart please :)

 

And, could you post the RogueKiller results. The FRST was helpful, but I'd like to see what RK removed, if anything. If necessary, re-run RK and see what it does this time.


  • 0



#26
bendevos

bendevos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts
RogueKiller V10.2.0.0 [Jan 19 2015] par Adlice Software
 
Système d'exploitation : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Démarré en  : Mode sans échec prise en charge réseau
Utilisateur : Christian [Administrateur]
Mode : Suppression -- Date : 01/25/2015  15:04:00
 
¤¤¤ Processus : 0 ¤¤¤
 
¤¤¤ Registre : 35 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{80922ee0-8a76-46ae-95d5-bd3c3fe0708d} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037} -> Non sélectionné
[PUP] HKEY_CLASSES_ROOT\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1} -> Non sélectionné
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\AFD (\SystemRoot\system32\drivers\afd.sys) -> Non sélectionné
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\catchme (\??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys) -> Non sélectionné
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme (\??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys) -> Non sélectionné
[Suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\catchme (\??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys) -> Non sélectionné
[PUM.HomePage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> Non sélectionné
[PUM.HomePage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.microsoft...d=ie&ar=msnhome  -> Non sélectionné
[PUM.SearchPage] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> Non sélectionné
[PUM.SearchPage] HKEY_USERS\S-1-5-21-2124871150-1497044009-3645244258-1000\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> Non sélectionné
[PUM.SearchPage] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft...=ie&ar=iesearch  -> Non sélectionné
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7553252E-75D9-40C8-9C5F-F8D2F95454EC} | DhcpNameServer : 10.103.0.2 10.103.0.15 [(Private Address) (XX)][(Private Address) (XX)]  -> Non sélectionné
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{7553252E-75D9-40C8-9C5F-F8D2F95454EC} | DhcpNameServer : 10.103.0.2 10.103.0.15 [(Private Address) (XX)][(Private Address) (XX)]  -> Non sélectionné
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet003\Services\Tcpip\Parameters\Interfaces\{7553252E-75D9-40C8-9C5F-F8D2F95454EC} | DhcpNameServer : 10.103.0.2 10.103.0.15 [(Private Address) (XX)][(Private Address) (XX)]  -> Non sélectionné
[PUM.StartMenu] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 2  -> Non sélectionné
[PUM.StartMenu] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 2  -> Non sélectionné
[PUM.StartMenu] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Non sélectionné
[PUM.StartMenu] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 2  -> Non sélectionné
[PUM.StartMenu] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 2  -> Non sélectionné
[PUM.StartMenu] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Non sélectionné
 
¤¤¤ Tâches : 0 ¤¤¤
 
¤¤¤ Fichiers : 0 ¤¤¤
 
¤¤¤ Fichier Hosts : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Non chargé [0xc000035f]) ¤¤¤
 
¤¤¤ Navigateurs web : 0 ¤¤¤
 
¤¤¤ Vérification MBR : ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVS-22UST0 +++++
--- User ---
[MBR] 5c7414884d5140b9f5ed283b90a503e7
[BSP] 559c0f7fad417c10161132f257fac8c9 : HP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 212476 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 435152655 | Size: 25995 MB
User = LL1 ... OK
User = LL2 ... OK
 
+++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
Error reading User MBR! ([15] Le périphérique n'est pas prêt. )
Error reading LL1 MBR! ([45d] Impossible de satisfaire à la demande en raison d'une erreur de périphérique d'E/S. )
Error reading LL2 MBR! ([32] Cette demande n'est pas prise en charge. )
 
 
============================================
RKreport_DEL_01222015_220958.log - RKreport_DEL_01232015_201806.log - RKreport_DEL_01242015_131500.log - RKreport_DEL_01242015_131502.log
RKreport_DEL_01242015_131504.log - RKreport_DEL_01242015_131505.log - RKreport_DEL_01242015_131508.log - RKreport_DEL_01242015_134950.log
RKreport_DEL_01242015_135255.log - RKreport_SCN_01222015_220832.log - RKreport_SCN_01232015_201632.log - RKreport_SCN_01242015_131441.log
RKreport_SCN_01242015_134106.log - RKreport_SCN_01242015_135159.log - RKreport_SCN_01252015_145701.log

  • 0

#27
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Does the Delete Button activate? If so, are the lines selected or can you select the lines to delete? My French is poor, but I think the log is telling me that the bad lines have not been selected. Can you tell what you're seeing?


  • 0

#28
bendevos

bendevos

    Member

  • Topic Starter
  • Member
  • PipPip
  • 29 posts

Indeed, they were not selected. I selected them and deleted... but no change....

 

In the antirootkit tab, there is nothing that can be selected?


  • 0

#29
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Let's have a look at the HD now as there are quite a few disk errors within your logs.

 

Hard-Drive Maintenance/Repair:

  • Click Start (Windows 7 Orb) >> Run... (or the Windows key and R together) to bring up the Run box.
  • Cut and paste in cleanmgr into the Run box and press OK >> OK
  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Delete Files.

Next:-

  • Click on Start (Windows 7 Orb).
  • Click on All Programs >> Accessories
  • Right click on Command Prompt and select Run as Administrator.
  • Click on Continue at the UAC prompt.
  • At the Command Prompt C:\Windows\System32> type in the following exactly:
  • CD C:\
  • Then depress the Enter/Return key, then type in the following exactly:
  • DEFRAG C: -F
  • An Analysis report will be displayed and then Windows will start the Defragmentation run automatically.
  • This may take some time, when completed the Command Prompt C:\ > will appear.
  • Now type in CHKDSK C: /R and hit the Enter/Return key.
  • When prompted with:

CHKDSK cannot run because the volume is in use by another process
Would you like to schedule this volume to be checked next time the system
restarts (Y/N)

  • Hit the Y key then at the Command Prompt C:\ >
  • Type in EXIT and hit the Enter/Return key.
  • Now Reboot(Restart) your computer.

Note: Upon Reboot(Restart) the CHKDSK(check-disk) will start and carry out the repairs required.

You should see a screen like this just after the Post(power on self test) screen:

Windows7CHKDSK.jpg

Note: Do not touch either the keyboard or Mouse, otherwise the Check-Disk will be cancelled and your computer will continue to boot-up as normal.

Next:
Let me know how this goes :)


  • 0
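The maintenance sequence in the post above as a script, added here as an example and not code from the post or from any of the tools it names. It assumes PowerShell 2.0 or later on Vista/7, an elevated prompt, and drive C: as the volume to repair; the post-reboot check reads the CHKDSK report from the Application event log, which is where Windows records it once the boot-time screen is gone.

```powershell
# Added example, not code from the post or from any tool it names: the same
# cleanup / defrag / check-disk sequence as a script, plus a way to read the
# boot-time CHKDSK result afterwards. Assumes PowerShell 2.0 or later on
# Vista/7, an elevated prompt, and drive C: as the volume to repair.
$Drive = 'C:'

function Test-IsElevated {
    # The steps below need an administrator token; without it defrag and
    # chkdsk fail with an access-denied error (the same symptom the thread
    # hit with ComboFix when it was not started as administrator).
    $id = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($id)
    return $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

if (-not (Test-IsElevated)) {
    Write-Error 'Open PowerShell with "Run as Administrator" and re-run this script.'
    exit 1
}

# Step 1: Disk Cleanup. cleanmgr stores a checkbox selection under a numbered
# profile: /sageset opens the dialog once so Temporary Files, Temporary
# Internet Files and Recycle Bin can be ticked; /sagerun then applies it.
cleanmgr.exe /sageset:99
cleanmgr.exe /sagerun:99

# Step 2: defragment the volume with the -f switch exactly as the post gives
# it (Vista's defrag: force the run even when free space is low).
defrag.exe $Drive -f

# Step 3: CHKDSK /R cannot lock the system volume while Windows is running,
# so it asks whether to schedule the check for the next boot. Piping "Y" into
# its standard input answers that prompt without waiting for a keypress.
'Y' | chkdsk.exe $Drive /R

# Step 4 (after the reboot): the boot-time CHKDSK screen disappears once
# Windows starts, but Wininit writes the full report to the Application event
# log as event 1001, so the repairs it made can still be reviewed.
function Get-LastChkdskReport {
    Get-WinEvent -FilterHashtable @{
        LogName      = 'Application'
        ProviderName = 'Microsoft-Windows-Wininit'
        Id           = 1001
    } -MaxEvents 1 | Select-Object TimeCreated, Message | Format-List
}

Write-Host "CHKDSK is scheduled. Restart now; afterwards run Get-LastChkdskReport."
```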

#30
Biscuithd

Biscuithd

    Trusted Helper

  • Malware Removal
  • 2,573 posts

Have you had a chance to try this? :)


  • 0
