Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-06-2014
Ran by Atelier (administrator) on LAYOLE on 18-06-2014 22:36:51
Running from C:\Documents and Settings\Atelier\Bureau
Platform: Microsoft Windows XP Professionnel Service Pack 2 (X86) OS Language: Français (France)
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(FinePrint Software, LLC) C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis1.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
() C:\WINDOWS\system32\ServoApp.exe
(Edimax Technology Co., Ltd.) C:\Program Files\MFP Server\App\Common\MFPAgent.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIEGE.EXE
() C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2006-02-09] (ATI Technologies, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [pdfFactory Pro Dispatcher v1] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe [376832 2003-06-14] (FinePrint Software, LLC)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153 2009-03-02] (Avira GmbH)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-18] (CANON INC.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2009-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MFP Manager] => C:\Program Files\MFP Server\MFPAgent.exe -CheckAutoRun
HKLM\...\Run: [Server Application] => C:\WINDOWS\system32\ServoApp.exe [417792 2007-05-20] ()
HKLM\...\Run: [GDI Manager] => C:\Program Files\MFP Server\App\Common\MFPAgent.exe [741376 2008-05-06] (Edimax Technology Co., Ltd.)
HKU\.DEFAULT\...\RunOnce: [nlsf] - cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
HKU\.DEFAULT\...\RunOnce: [nlhr] - RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2005-12-15] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [nlsf] - cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
HKU\S-1-5-19\...\RunOnce: [nlhr] - RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
HKU\S-1-5-19\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2005-12-15] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [nlsf] - cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
HKU\S-1-5-20\...\RunOnce: [nlhr] - RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
HKU\S-1-5-20\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2005-12-15] (Microsoft Corporation)
HKU\S-1-5-21-746137067-1450960922-839522115-1003\...\Run: [EPSON Stylus SX400 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE [188928 2007-12-17] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-746137067-1450960922-839522115-1003\...\MountPoints2: {0f397ba2-a9e3-11df-a309-0011117932e1} - G:\PMBP_Win.exe
HKU\S-1-5-21-746137067-1450960922-839522115-1003\...\MountPoints2: {fd5568bf-5a73-11e3-a50e-0011117932e1} - E:\Samsung_Drive_Manager.exe
Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancer l'utilitaire Olitec.lnk
ShortcutTarget: Lancer l'utilitaire Olitec.lnk -> C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe ()
Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\Atelier\Menu Démarrer\Programmes\Démarrage\Canon IJ Status Monitor Canon iP4600 series.lnk
ShortcutTarget: Canon IJ Status Monitor Canon iP4600 series.lnk -> C:\DOCUME~1\Atelier\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon iP4600 series;cnmss Canon iP4600 series (Local).dll;Canon IJ Status Monitor Canon iP4600 series.lnk (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=ir_14_10_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyBzytAtB0EtC0DtB0EtAtN0D0Tzu0SyBzyzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByByDtC0BtD0B0EtG0CtAyCyDtGtD0B0E0EtG0B0D0DzztGtCyC0Bzz0D0Ezy0CyEtBzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0C0BzzyByDyBtGyB0DtDyDtGyCtCzzyEtGyB0C0A0DtGtAyCtBtAtC0AtByDyDtB0ByD2Q&cr=1831518434&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=ir_14_10_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyBzytAtB0EtC0DtB0EtAtN0D0Tzu0SyBzyzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByByDtC0BtD0B0EtG0CtAyCyDtGtD0B0E0EtG0B0D0DzztGtCyC0Bzz0D0Ezy0CyEtBzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0C0BzzyByDyBtGyB0DtDyDtGyCtCzzyEtGyB0C0A0DtGtAyCtBtAtC0AtByDyDtB0ByD2Q&cr=1831518434&ir=
SearchScopes: HKLM - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_10_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyBzytAtB0EtC0DtB0EtAtN0D0Tzu0SyBzyzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByByDtC0BtD0B0EtG0CtAyCyDtGtD0B0E0EtG0B0D0DzztGtCyC0Bzz0D0Ezy0CyEtBzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0C0BzzyByDyBtGyB0DtDyDtGyCtCzzyEtGyB0C0A0DtGtAyCtBtAtC0AtByDyDtB0ByD2Q&cr=1831518434&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_10_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyBzytAtB0EtC0DtB0EtAtN0D0Tzu0SyBzyzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByByDtC0BtD0B0EtG0CtAyCyDtGtD0B0E0EtG0B0D0DzztGtCyC0Bzz0D0Ezy0CyEtBzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0C0BzzyByDyBtGyB0DtDyDtGyCtCzzyEtGyB0C0A0DtGtAyCtBtAtC0AtByDyDtB0ByD2Q&cr=1831518434&ir=
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_10_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyBzytAtB0EtC0DtB0EtAtN0D0Tzu0SyBzyzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByByDtC0BtD0B0EtG0CtAyCyDtGtD0B0E0EtG0B0D0DzztGtCyC0Bzz0D0Ezy0CyEtBzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0C0BzzyByDyBtGyB0DtDyDtGyCtCzzyEtGyB0C0A0DtGtAyCtBtAtC0AtByDyDtB0ByD2Q&cr=1831518434&ir=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_10_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyBzytAtB0EtC0DtB0EtAtN0D0Tzu0SyBzyzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByByDtC0BtD0B0EtG0CtAyCyDtGtD0B0E0EtG0B0D0DzztGtCyC0Bzz0D0Ezy0CyEtBzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0C0BzzyByDyBtGyB0DtDyDtGyCtCzzyEtGyB0C0A0DtGtAyCtBtAtC0AtByDyDtB0ByD2Q&cr=1831518434&ir=
BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Liens - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Atelier\Application Data\Mozilla\Firefox\Profiles\kpgrsdkp.default
FF DefaultSearchEngine: Mysearchdial
FF SearchEngineOrder.1: Mysearchdial
FF SelectedSearchEngine: Mysearchdial
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=ir_14_10_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyBzytAtB0EtC0DtB0EtAtN0D0Tzu0SyBzyzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByByDtC0BtD0B0EtG0CtAyCyDtGtD0B0E0EtG0B0D0DzztGtCyC0Bzz0D0Ezy0CyEtBzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0C0BzzyByDyBtGyB0DtDyDtGyCtCzzyEtGyB0C0A0DtGtAyCtBtAtC0AtByDyDtB0ByD2Q&cr=1831518434&ir=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Documents and Settings\Atelier\Application Data\Mozilla\Firefox\Profiles\kpgrsdkp.default\user.js
FF SearchPlugin: C:\Documents and Settings\Atelier\Application Data\Mozilla\Firefox\Profiles\kpgrsdkp.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: mysearchdial.com - C:\Documents and Settings\Atelier\Application Data\Mozilla\Firefox\Profiles\kpgrsdkp.default\Extensions\ffxtlbr@mysearchdial.com [2014-03-10]
FF Extension: Mega Browse - C:\Documents and Settings\Atelier\Application Data\Mozilla\Firefox\Profiles\kpgrsdkp.default\Extensions\{29b136c9-938d-4d3d-8df8-d649d9b74d02}.xpi [2014-03-07]
FF Extension: MySearchDial - C:\Documents and Settings\Atelier\Application Data\Mozilla\Firefox\Profiles\kpgrsdkp.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-03-16]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289 2011-06-23] (Avira GmbH) [File not signed]
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089 2011-06-23] (Avira GmbH) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2006-02-09] () [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2005-12-15] (Microsoft Corp., Veritas Software) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MDM; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 odserv; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation)
S3 ose; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [25088 2005-12-15] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 ALIWEHCD; C:\WINDOWS\System32\Drivers\mfpec.sys [34944 2007-05-06] (None)
R1 avgio; C:\Program Files\Avira\AntiVir Desktop\avgio.sys [11608 2009-02-13] (Avira GmbH)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [56816 2011-06-23] (Avira GmbH)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [96104 2009-03-30] (Avira GmbH)
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2005-12-15] (Microsoft Corp., Veritas Software) [File not signed]
S3 OLITEC(OLITEC); C:\WINDOWS\System32\DRIVERS\zd1211u.sys [247296 2004-09-29] (ZyDAS Technology Corporation) [File not signed]
R2 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [163644 2005-12-15] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2011-06-23] (Avira GmbH)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [359808 2005-12-15] (Microsoft Corporation) [File not signed]
S3 WlanUIG; C:\WINDOWS\System32\DRIVERS\WlanUIG.sys [379456 2005-06-17] (Conexant Systems, Inc.)
R3 WUSBVBus; C:\WINDOWS\System32\DRIVERS\mfpvbus.sys [10240 2006-10-20] (None)
R3 ZDPNDIS5; C:\WINDOWS\system32\ZDPNDIS5.SYS [17151 2004-01-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 PCANDIS5; \??\C:\WINDOWS\system32\PCANDIS5.SYS [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-18 22:36 - 2014-06-18 22:37 - 00017144 _____ () C:\Documents and Settings\Atelier\Bureau\FRST.txt
2014-06-18 22:35 - 2014-06-18 22:35 - 01072128 _____ (Farbar) C:\Documents and Settings\Atelier\Bureau\FRST.exe
2014-06-18 22:23 - 2014-06-18 22:36 - 00000000 ____D () C:\FRST
2014-06-12 21:47 - 2014-06-12 21:47 - 00000000 ____D () C:\Documents and Settings\Atelier\Local Settings\Application Data\Adobe
2014-06-09 14:31 - 2014-06-09 14:31 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-09 14:31 - 2014-06-09 14:31 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Démarrer\Programmes\McAfee Security Scan Plus

==================== One Month Modified Files and Folders =======

2014-06-18 22:37 - 2014-06-18 22:36 - 00017144 _____ () C:\Documents and Settings\Atelier\Bureau\FRST.txt
2014-06-18 22:37 - 2009-10-27 09:58 - 00000000 ____D () C:\Documents and Settings\Atelier\Local Settings\Temp
2014-06-18 22:36 - 2014-06-18 22:23 - 00000000 ____D () C:\FRST
2014-06-18 22:36 - 2009-10-27 09:58 - 00000000 ____D () C:\Documents and Settings\Atelier\Bureau
2014-06-18 22:35 - 2014-06-18 22:35 - 01072128 _____ (Farbar) C:\Documents and Settings\Atelier\Bureau\FRST.exe
2014-06-18 22:35 - 2013-12-21 11:08 - 00000000 ____D () C:\Documents and Settings\Atelier\Mes documents\Téléchargements
2014-06-18 22:34 - 2009-10-27 09:58 - 00000000 ___RD () C:\Documents and Settings\Atelier\Menu Démarrer\Programmes
2014-06-18 22:32 - 2014-03-07 18:17 - 00001058 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-18 22:06 - 2013-12-23 10:26 - 00001002 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-18 22:01 - 2014-03-09 22:39 - 00000398 _____ () C:\WINDOWS\Tasks\ProgramUpdateCheck.job
2014-06-18 21:56 - 2009-10-27 10:25 - 01012756 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-18 21:52 - 2009-10-27 10:27 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-18 21:52 - 2009-10-27 10:27 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-06-18 21:52 - 2009-10-27 09:33 - 01604116 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-18 21:51 - 2014-03-07 18:17 - 00001054 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-18 21:51 - 2009-10-27 09:57 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-18 21:51 - 2005-12-15 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-16 12:58 - 2009-10-27 09:58 - 00000184 ___SH () C:\Documents and Settings\Atelier\ntuser.ini
2014-06-16 12:58 - 2009-10-27 09:57 - 00032576 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-16 12:47 - 2014-03-09 22:47 - 00000414 _____ () C:\WINDOWS\Tasks\At1.job
2014-06-15 21:41 - 2014-03-09 22:41 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
2014-06-15 21:41 - 2014-03-09 22:39 - 00000454 _____ () C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job
2014-06-15 21:41 - 2014-03-09 22:38 - 00000000 ____D () C:\Program Files\File Type Assistant
2014-06-14 23:37 - 2011-05-15 07:57 - 00000000 ___RD () C:\Documents and Settings\Atelier\Mes documents\Mes images
2014-06-14 22:20 - 2009-10-27 10:24 - 00697172 _____ () C:\WINDOWS\setupapi.log
2014-06-12 21:47 - 2014-06-12 21:47 - 00000000 ____D () C:\Documents and Settings\Atelier\Local Settings\Application Data\Adobe
2014-06-12 21:46 - 2013-12-23 10:26 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-06-12 21:46 - 2013-12-23 10:26 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-06-09 14:37 - 2014-03-09 22:39 - 00000000 ____D () C:\Documents and Settings\Atelier\Local Settings\Application Data\FileTypeAssistant
2014-06-09 14:31 - 2014-06-09 14:31 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-09 14:31 - 2014-06-09 14:31 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Démarrer\Programmes\McAfee Security Scan Plus
2014-06-09 14:31 - 2013-12-23 10:28 - 00001773 _____ () C:\Documents and Settings\All Users\Bureau\McAfee Security Scan Plus.lnk
2014-06-09 14:31 - 2013-12-23 10:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2014-06-09 14:31 - 2009-10-27 10:24 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
2014-06-09 14:31 - 2009-10-27 10:24 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Démarrer\Programmes
2014-06-09 14:31 - 2009-10-27 10:24 - 00000000 ____D () C:\Documents and Settings\All Users\Bureau
2014-06-01 10:00 - 2013-12-02 19:10 - 00000000 ____D () C:\Documents and Settings\Atelier\Mes documents\Annuaire téléphonique
2014-06-01 09:56 - 2013-12-01 12:42 - 00000000 ____D () C:\Documents and Settings\Atelier\Bureau\photo
2014-05-19 16:52 - 2014-04-30 15:33 - 00000000 ____D () C:\Documents and Settings\Atelier\Bureau\ALICIA

Files to move or delete:
====================
C:\Documents and Settings\Atelier\cnmss Canon iP4600 series (Local).dll
C:\Windows\Tasks\At1.job

Some content of TEMP:
====================
C:\Documents and Settings\Atelier\Local Settings\Temp\ImationLock.exe
C:\Documents and Settings\Atelier\Local Settings\Temp\MSETUP4.EXE
C:\Documents and Settings\Atelier\Local Settings\Temp\_isAB.exe
C:\Documents and Settings\Atelier\Local Settings\Temp\_isAC.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================