Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-07-2015
Ran by Clémentine (administrator) on CLÉMENTINE-PC on 16-07-2015 23:29:21
Running from C:\Users\Clémentine\Desktop
Loaded Profiles: Clémentine (Available Profiles: Clémentine)
Platform: Microsoft Windows 7 Entreprise Service Pack 1 (X86) OS Language: Français (France)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Marvell Semiconductor, Inc.) C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell) C:\Users\Clémentine\AppData\Local\Apps\2.0\T0GJ8710.NP2\N65XEEL8.5R5\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\TeamViewer_Service.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
() C:\Windows\System32\notepad.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [PrnStatusMX] => C:\Program Files\Hewlett-Packard\PrnStatusMX\PrnStatusMX.exe [1077248 2012-07-04] (Marvell Semiconductor, Inc.)
HKU\S-1-5-21-912731831-3549031389-3632180545-1000\...\Run: [EPLTarget\P0000000000000000] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIJHE.EXE [249440 2012-02-27] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-912731831-3549031389-3632180545-1000\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_TATIHEE.EXE [220800 2012-07-12] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-912731831-3549031389-3632180545-1000\...\Run: [DellSystemDetect] => C:\Users\Clémentine\AppData\Local\Apps\2.0\T0GJ8710.NP2\N65XEEL8.5R5\dell..tion_e30b47f5d4a30e9e_0005.000d_4ab2a66cfade09be\DellSystemDetect.exe [276776 2014-12-21] (Dell)
HKU\S-1-5-21-912731831-3549031389-3632180545-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\ssText3d.scr [293888 2010-11-20] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled
ProxyServer: [.DEFAULT] => http=127.0.0.1:52591;https=127.0.0.1:52591
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-912731831-3549031389-3632180545-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-05-11] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2014-03-29] (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{5468AF06-5AFF-4611-A61F-11FB7E582BFC}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{5468AF06-5AFF-4611-A61F-11FB7E582BFC}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{90559B1A-FC90-4BA4-98F5-988F4027F58D}: [NameServer] 52.18.92.32,8.8.8.8
Tcpip\..\Interfaces\{e29ac6c2-7037-11de-816d-806e6f6e6963}: [NameServer] 52.18.92.32,8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Clémentine\AppData\Roaming\Mozilla\Firefox\Profiles\t6bxagwp.default-1436728464657
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-15] ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll [2015-05-11] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-05-11] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll [2014-06-10] (Verimatrix, Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
FF Plugin HKU\S-1-5-21-912731831-3549031389-3632180545-1000: @verimatrix.com/ViewRightWeb -> C:\Program Files\Verimatrix\ViewRight Web\\npViewRight.dll [2014-06-10] (Verimatrix, Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\oursurfing.xml [2015-05-11]

Chrome:
=======
CHR Profile: C:\Users\Clémentine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Clémentine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-18]
CHR Extension: (Google Drive) - C:\Users\Clémentine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-18]
CHR Extension: (YouTube) - C:\Users\Clémentine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-18]
CHR Extension: (Google Search) - C:\Users\Clémentine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-18]
CHR Extension: (Blockulicious) - C:\Users\Clémentine\AppData\Local\Google\Chrome\User Data\Default\Extensions\kngglkijfekbhidmchmlfmpkdffmedob [2015-07-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Clémentine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-12]
CHR Extension: (Google Wallet) - C:\Users\Clémentine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-12]
CHR Extension: (Gmail) - C:\Users\Clémentine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-18]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [142432 2012-09-27] (SEIKO EPSON CORPORATION)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [259824 2014-01-08] ()
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files\TeamViewer\TeamViewer_Service.exe [5429520 2015-01-30] (TeamViewer GmbH)
R2 Themes; C:\Windows\system32\themeservice.dll [37376 2010-07-09] (Microsoft Corporation) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2725616 2014-01-08] (Intel® Corporation)
S2 CoupoonService; C:\Program Files\coupoon\iiwjljrnpc.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R1 MpKslcafbc566; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{3BBE7B61-5D2D-4CD6-9A05-AD4A90DB5C11}\MpKslcafbc566.sys [39168 2015-07-16] (Microsoft Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [31488 2014-01-08] (Intel Corporation )
R3 NETwNs32; C:\Windows\System32\DRIVERS\NETwsn00.sys [10374144 2014-01-26] (Intel Corporation)
S3 SIS163u; C:\Windows\System32\DRIVERS\sis163u.sys [215040 2005-06-20] (SiS Corporation)
R0 stdcfltn; C:\Windows\System32\DRIVERS\stdcfltn.sys [17904 2011-07-15] (ST Microelectronics)
R3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [59888 2012-05-21] (STMicroelectronics)
S3 TTCinergyT2; C:\Windows\System32\drivers\TTCinergyT2BDA.sys [22528 2005-10-06] (TerraTec Electronic GmbH)
R2 webTinstMKTN84; C:\Windows\system32\Drivers\webTinstMKTN84.sys [43512 2015-05-16] () <==== ATTENTION
S1 BAPIDRV; system32\DRIVERS\BAPIDRV.sys [X]
S3 catchme; \??\C:\Users\CLMENT~1\AppData\Local\Temp\catchme.sys [X]
S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 23:29 - 2015-07-16 23:29 - 00012486 _____ C:\Users\Clémentine\Desktop\FRST.txt
2015-07-16 23:21 - 2015-07-16 23:21 - 00034490 _____ C:\Users\Clémentine\Downloads\Shortcut.txt
2015-07-16 23:20 - 2015-07-16 23:21 - 00042650 _____ C:\Users\Clémentine\Downloads\Addition.txt
2015-07-16 23:20 - 2015-07-16 23:21 - 00022836 _____ C:\Users\Clémentine\Downloads\FRST.txt
2015-07-16 23:19 - 2015-07-16 23:29 - 00000000 ____D C:\FRST
2015-07-16 23:19 - 2015-07-16 23:19 - 01636864 _____ (Farbar) C:\Users\Clémentine\Desktop\FRST.exe
2015-07-16 23:09 - 2015-07-16 23:09 - 00000556 _____ C:\Windows\PFRO.log
2015-07-16 23:09 - 2015-07-16 23:09 - 00000056 _____ C:\Windows\setupact.log
2015-07-16 23:09 - 2015-07-16 23:09 - 00000000 _____ C:\Windows\setuperr.log
2015-07-16 22:42 - 2015-07-16 22:42 - 00006199 _____ C:\Users\Clémentine\Desktop\JRT.txt
2015-07-16 22:37 - 2015-07-16 22:37 - 01798288 _____ (Malwarebytes Corporation) C:\Users\Clémentine\Downloads\JRT.exe
2015-07-16 20:43 - 2015-07-16 22:19 - 00000443 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2015-07-16 20:25 - 2015-07-16 20:25 - 00027695 _____ C:\ComboFix.txt
2015-07-16 19:59 - 2015-07-16 20:00 - 05634275 ____R (Swearware) C:\Users\Clémentine\Downloads\ComboFix.exe
2015-07-16 19:39 - 2015-07-16 19:40 - 00001676 _____ C:\Users\Public\Desktop\sapo internet móvel.lnk
2015-07-16 19:39 - 2015-07-16 19:40 - 00000000 ____D C:\Windows\system32\SupportAppPT
2015-07-16 19:39 - 2015-07-16 19:40 - 00000000 ____D C:\Program Files\sapo internet móvel
2015-07-16 19:39 - 2015-07-16 19:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\sapo internet móvel
2015-07-16 19:37 - 2015-07-16 19:38 - 00000000 ____D C:\Users\Clémentine\Desktop\sapo internet móvel
2015-07-16 19:37 - 2015-07-16 18:36 - 00104960 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbser6k.sys
2015-07-16 19:37 - 2015-07-16 18:36 - 00104960 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbnmea.sys
2015-07-16 19:37 - 2015-07-16 18:36 - 00104960 _____ (ZTE Incorporated) C:\Windows\system32\Drivers\ZTEusbmdm6k.sys
2015-07-13 19:39 - 2015-07-13 20:50 - 00000000 ____D C:\Users\Clémentine\Desktop\tel maman
2015-07-12 22:17 - 2015-07-12 22:17 - 00001347 _____ C:\Users\Clémentine\Desktop\Star Trek Online.lnk
2015-07-12 21:52 - 2015-07-12 21:52 - 00015800 _____ C:\Windows\system32\results.xml
2015-07-12 21:49 - 2015-07-12 21:49 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-07-12 21:30 - 2015-07-12 21:30 - 00000000 ____D C:\Users\Clémentine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2015-07-12 21:30 - 2015-07-12 21:30 - 00000000 ____D C:\Users\Clémentine\AppData\Local\Intel
2015-07-12 21:30 - 2015-07-12 21:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rapid Media Converter
2015-07-12 21:06 - 2015-07-12 21:06 - 00000000 ____D C:\Program Files\SystemRequirementsLab
2015-07-12 21:05 - 2015-07-12 21:05 - 00638976 _____ C:\Users\Clémentine\Downloads\Detection(2).msi
2015-07-09 23:27 - 2015-06-28 16:06 - 734003488 _____ C:\Users\Clémentine\Desktop\Pourquoi j'ai pas Mangé mon Père (Film 2h12mn VF).avi
2015-06-18 22:16 - 2015-06-18 22:16 - 00000000 ____D C:\Users\Clémentine\AppData\Local\mva3vwetn0ljbmz

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-16 23:24 - 2014-12-24 00:58 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-16 23:20 - 2014-03-23 14:44 - 00001054 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-16 23:19 - 2014-03-23 14:44 - 00001058 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-16 23:18 - 2014-03-23 00:07 - 01987085 _____ C:\Windows\WindowsUpdate.log
2015-07-16 23:10 - 2009-07-14 06:53 - 00032496 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-16 23:10 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-16 23:09 - 2009-07-14 06:34 - 00010336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-16 23:09 - 2009-07-14 06:34 - 00010336 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-16 23:05 - 2015-05-23 21:21 - 00000000 ____D C:\Users\Clémentine\AppData\Local\CrashDumps
2015-07-16 23:04 - 2014-05-31 11:31 - 00000000 ____D C:\AdwCleaner
2015-07-16 23:02 - 2015-06-15 18:46 - 00002165 _____ C:\Users\Clémentine\Desktop\Google Chrome.lnk
2015-07-16 23:01 - 2009-07-14 04:37 - 00000000 __RSD C:\Windows\Media
2015-07-16 22:51 - 2014-05-31 11:31 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-16 22:46 - 2015-05-11 22:51 - 00000000 ____D C:\Users\Clémentine\AppData\Roaming\4C4C4544-1431377460-4D10-804E-C8C04F324D31
2015-07-16 22:21 - 2015-05-11 22:55 - 00000000 ____D C:\Users\Clémentine\AppData\Local\4C4C4544-1431384901-4D10-804E-C8C04F324D31
2015-07-16 22:19 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp
2015-07-16 22:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2015-07-16 20:45 - 2014-03-23 00:12 - 01667292 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-16 20:27 - 2015-05-23 21:01 - 00000000 ____D C:\Users\Clémentine\AppData\Local\VirtualStore
2015-07-16 20:25 - 2014-12-07 01:40 - 00000000 ____D C:\Qoobox
2015-07-16 20:23 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2015-07-16 20:09 - 2014-12-07 01:39 - 00000000 ____D C:\Windows\erdnt
2015-07-16 20:09 - 2009-07-14 04:03 - 52428800 _____ C:\Windows\system32\config\SOFTWARE.bak
2015-07-16 20:09 - 2009-07-14 04:03 - 38273024 _____ C:\Windows\system32\config\COMPON~1.bak
2015-07-16 20:09 - 2009-07-14 04:03 - 18087936 _____ C:\Windows\system32\config\SYSTEM.bak
2015-07-16 20:09 - 2009-07-14 04:03 - 00524288 _____ C:\Windows\system32\config\DEFAULT.bak
2015-07-16 20:09 - 2009-07-14 04:03 - 00262144 _____ C:\Windows\system32\config\SECURITY.bak
2015-07-16 20:09 - 2009-07-14 04:03 - 00065536 _____ C:\Windows\system32\config\SAM.bak
2015-07-16 19:39 - 2014-12-08 02:28 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-07-16 19:22 - 2014-03-29 23:12 - 00000000 ____D C:\Windows\system32\MRT
2015-07-14 23:56 - 2014-12-23 20:33 - 00000000 ____D C:\ProgramData\HitmanPro
2015-07-12 23:20 - 2014-12-26 00:11 - 00000000 ____D C:\Users\Clémentine\Documents\TrackMania
2015-07-12 23:00 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-07-12 22:32 - 2014-12-25 22:32 - 00000000 ____D C:\ProgramData\IRtDZJqW
2015-07-12 22:32 - 2014-12-23 20:55 - 00000000 ____D C:\Windows\Minidump
2015-07-12 22:31 - 2014-12-25 22:30 - 00000000 ____D C:\Program Files\TmSunriseDemoMag
2015-07-12 21:56 - 2014-03-23 00:11 - 00000000 ____D C:\Users\Clémentine
2015-07-12 21:52 - 2014-03-23 02:01 - 00000000 ____D C:\ProgramData\Intel
2015-07-12 21:49 - 2014-03-23 00:32 - 00000000 ____D C:\Program Files\Intel
2015-07-12 21:46 - 2014-03-23 01:57 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-12 21:02 - 2015-03-22 18:36 - 00000000 ____D C:\Users\Clémentine\Desktop\tablette
2015-07-12 20:51 - 2014-12-23 21:48 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-12 20:47 - 2015-05-16 16:55 - 00000000 ____D C:\Program Files\version58SpeedCheck
2015-07-12 20:33 - 2014-12-23 21:48 - 00001083 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-12 20:28 - 2015-01-07 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-12 20:08 - 2015-02-03 01:25 - 00000000 ____D C:\Users\Clémentine\AppData\Roaming\TeamViewer
2015-07-12 20:08 - 2014-12-23 22:22 - 00000000 ____D C:\Users\Clémentine\AppData\Roaming\DAEMON Tools Lite
2015-07-12 20:08 - 2014-03-29 21:49 - 00000000 ____D C:\Users\Clémentine\AppData\Roaming\uTorrent
2015-07-10 12:41 - 2014-06-08 11:06 - 00000000 ____D C:\Users\Clémentine\AppData\Roaming\vlc
2015-07-10 12:40 - 2014-10-12 22:37 - 00000000 ____D C:\Users\Clémentine\Desktop\film
2015-07-10 12:37 - 2014-04-01 17:55 - 00000000 ____D C:\Users\Clémentine\Desktop\copain
2015-07-10 12:21 - 2014-12-23 18:22 - 00000000 ____D C:\Users\Clémentine\Desktop\david carreira
2015-07-05 12:11 - 2014-03-23 00:45 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-03 08:49 - 2014-03-29 23:12 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-18 22:03 - 2015-05-16 16:55 - 00002323 _____ C:\Windows\patsearch.bin

==================== Files in the root of some directories =======

2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Clémentine\AppData\Roaming\ApstRPXkPr0
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Clémentine\AppData\Roaming\ApstRPXkPr0I
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Clémentine\AppData\Roaming\ApstRPXkPr0I.exe
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Clémentine\AppData\Roaming\C4aaoVlg1UkYxM5DDt
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Clémentine\AppData\Roaming\JobalYqSxnpoLgs
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Clémentine\AppData\Roaming\JobalYqSxnpoLgs.exe
2015-01-25 18:12 - 2015-01-25 18:12 - 0001248 _____ () C:\Users\Clémentine\AppData\Roaming\JVUEG
2014-03-23 15:31 - 2015-01-12 01:23 - 0000139 _____ () C:\Users\Clémentine\AppData\Roaming\WB.CFG
2015-04-14 18:28 - 2015-04-14 18:28 - 0004387 _____ () C:\Users\Clémentine\AppData\Roaming\xpkqFDxR
2015-04-19 14:20 - 2015-04-19 14:20 - 0005872 _____ () C:\Users\Clémentine\AppData\Roaming\ZYxpoKehBs3Wvw4fx6gcxHJ1jD
2015-04-20 16:05 - 2015-04-20 16:05 - 1579520 _____ () C:\Users\Clémentine\AppData\Roaming\ZYxpoKehBs3Wvw4fx6gcxHJ1jD.exe

Some files in TEMP:
====================
C:\Users\Clémentine\AppData\Local\temp\Quarantine.exe
C:\Users\Clémentine\AppData\Local\temp\sqlite3.dll
C:\Users\Clémentine\AppData\Local\temp\{1F8F0212-F65B-4C40-AFB7-0AC782FD1FE1}-GoogleUpdateSetup.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-07-12 22:53

==================== End of log ============================