Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-01-2014 01
Ran by Nous tous (administrator) on ACER-16DB62F099 on 09-01-2014 21:06:20
Running from C:\Documents and Settings\Nous tous\Bureau
Microsoft Windows XP Édition familiale Service Pack 3 (X86) OS Language: French Standard
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
(FK Software) C:\Program Files\Horloge\Horloge.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(ArcSoft Inc.) C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe
(Devguru Co., Ltd.) C:\WINDOWS\system32\dgdersvc.exe
(Teruten) C:\WINDOWS\system32\FsUsbExService.Exe
(Hewlett-Packard Company) C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
(CybelSoft) C:\Program Files\ma-config.com\MaConfigAgent.exe
() C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(HP) C:\WINDOWS\system32\HPZipm12.exe
() C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-26] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152 2006-02-19] (Hewlett-Packard Development Company, L.P.)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKCU\...\Run: [Horloge] - C:\Program Files\Horloge\Horloge.exe [233472 2006-09-17] (FK Software)
HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-07-27] (Google Inc.)
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\Default User\...\Run: [eRecoveryService] - [x]
HKU\Default User\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-14] (Microsoft Corporation)
AppInit_DLLs: C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll [123392 2011-06-14] (Google)
Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Démarrage rapide de HP Photosmart Premier.lnk
ShortcutTarget: Démarrage rapide de HP Photosmart Premier.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Development Company, L.P.)
Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sfr.fr/portail.html
HKCU\Software\Microsoft\Internet Explorer\Main,Default_search_url = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_page_url = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKLM - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&query={searchTerms}&invocationType=tb50-ie-winamp-chromesbox-en-us&tb_uuid=20110402132827921&tb_oid=02-04-2011&tb_mrud=02-04-2011
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {70D46D94-BF1E-45ED-B567-48701376298E} URL = http://127.0.0.1:4664/search&s=ji9zkWaspy3L73UMYYxc9k6Lkek?q={searchTerms}
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL =
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL =
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: IEPlugin Class - {11222041-111B-46E3-BD29-EFB2449479B1} - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll (ArcSoft, Inc.)
BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
Toolbar: HKLM - PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Liens - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
DPF: {0972B098-DEE9-4279-AC7E-4BAAA029102D} http://assets.photobox.com/assets/aurigma/ImageUploader5.cab?20111026060252
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.photoplus.fr/aurigma/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.adobe.com/pub/shockwave/cabs/flash/swflash.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL No File
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\msdaipp.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Nous tous\Application Data\Mozilla\Firefox\Profiles\wtsvlqi9.default
FF user.js: detected! => C:\Documents and Settings\Nous tous\Application Data\Mozilla\Firefox\Profiles\wtsvlqi9.default\user.js
FF DefaultSearchEngine: Mysearchdial
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF SearchPlugin: C:\Documents and Settings\Nous tous\Application Data\Mozilla\Firefox\Profiles\wtsvlqi9.default\searchplugins\babylon1.xml
FF SearchPlugin: C:\Documents and Settings\Nous tous\Application Data\Mozilla\Firefox\Profiles\wtsvlqi9.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Documents and Settings\Nous tous\Application Data\Mozilla\Firefox\Profiles\wtsvlqi9.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\googledesktop.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-france.xml
FF Extension: General Crawler - C:\Documents and Settings\Nous tous\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
FF Extension: MySearchDial NewTab - C:\Documents and Settings\Nous tous\Application Data\Mozilla\Firefox\Profiles\wtsvlqi9.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}
FF Extension: IMinent Toolbar - C:\Documents and Settings\Nous tous\Application Data\Mozilla\Firefox\Profiles\wtsvlqi9.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
FF Extension: SweetIM Toolbar for Firefox - C:\Documents and Settings\Nous tous\Application Data\Mozilla\Firefox\Profiles\wtsvlqi9.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF Extension: Reganam Toolbar - C:\Program Files\Mozilla Firefox\extensions\Reganam.xpi
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}] - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
FF Extension: Internet Video Downloader - C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox

Chrome:
=======
CHR HomePage: hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtD0F0E0A0C0A0Dzy0Czy0D0A0D0DtN0D0Tzu0SyCzyyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1988137724&ir=
CHR RestoreOnStartup: "hxxp://start.mysearchdial.com/?f=1&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtD0F0E0A0C0A0Dzy0Czy0D0A0D0DtN0D0Tzu0SyCzyyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1988137724&ir="
CHR DefaultSearchKeyword: mysearchdial.com
CHR DefaultSearchProvider: Mysearchdial
CHR DefaultSearchURL: http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dsites&cd=2XzuyEtN2Y1L1QzutDtDtD0F0E0A0C0A0Dzy0Czy0D0A0D0DtN0D0Tzu0SyCzyyEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R&cr=1988137724&ir=
CHR Extension: (General Crawler) - C:\Documents and Settings\Nous tous\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel\2.5_0
CHR Extension: () - C:\Documents and Settings\Nous tous\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\Temp\scoped_dir_980_26009
CHR HKLM\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Documents and Settings\Nous tous\Application Data\Media Finder\Extensions\gencrawler_gc.crx
CHR HKLM\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Documents and Settings\Nous tous\Application Data\Media Finder\Extensions\mf_plugin_gc.crx

========================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440376 2013-12-26] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-28] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55184 2012-08-11] (Apple Inc.)
R2 DeviceMonitorService; C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe [87368 2011-09-19] (Nero AG)
R2 dgdersvc; C:\WINDOWS\system32\dgdersvc.exe [95568 2010-05-25] (Devguru Co., Ltd.)
S3 GoogleDesktopManager-051210-111108; C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe [30192 2011-06-14] (Google)
S3 HP Port Resolver; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE [81920 2005-05-20] (Hewlett-Packard Company)
S3 HP Status Server; C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE [73728 2004-10-16] (Hewlett-Packard Company)
R2 LightScribeService; C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe [53248 2005-06-20] (Hewlett-Packard Company)
R2 MaConfigAgent; C:\Program Files\ma-config.com\MaConfigAgent.exe [2077008 2014-01-08] (CybelSoft)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [120728 2012-10-23] ()

==================== Drivers (Whitelisted) ====================

R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [556416 2003-12-05] (Philips Semiconductors GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135648 2013-12-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-28] (Avira Operations GmbH & Co. KG)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 FsUsbExDisk; C:\WINDOWS\system32\FsUsbExDisk.SYS [36608 2010-05-28] ()
S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [113664 2004-08-12] (Windows (R) Server 2003 DDK provider)
R3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49664 2006-04-13] (HP)
R3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2005-10-22] (HP)
R3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2006-04-13] (HP)
R3 HSFHWBS2; C:\Windows\System32\DRIVERS\HSFBS2S2.sys [220032 2004-08-05] (Conexant Systems, Inc.)
R3 HSF_DP; C:\Windows\System32\DRIVERS\HSFDPSP2.sys [1041536 2004-08-05] (Conexant Systems, Inc.)
S3 int15.sys; C:\Program Files\acer\erecovery\int15.sys [69632 2005-01-13] ()
R0 m5287; C:\Windows\System32\drivers\m5287.sys [76544 2004-12-15] (ULi Electronics Inc.)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
S3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 pctvvbi; C:\Windows\System32\DRIVERS\pctvvbi.sys [6400 2002-11-11] (Pinnacle Systems)
S3 pepifilter; C:\Windows\System32\DRIVERS\lv302af.sys [5915 2004-01-21] (Labtec Inc.)
R3 Pfc; C:\Windows\System32\drivers\pfc.sys [14604 2002-06-17] (Padus, Inc.)
S3 PID_08A0; C:\Windows\System32\DRIVERS\LV302AV.SYS [271360 2004-01-21] (Labtec Inc.)
R3 RTL8023xp; C:\Windows\System32\DRIVERS\Rtlnicxp.sys [70912 2004-12-02] (Realtek Semiconductor Corporation )
S3 sscebus; C:\Windows\System32\DRIVERS\sscebus.sys [98560 2010-12-21] (MCCI Corporation)
S3 sscemdfl; C:\Windows\System32\DRIVERS\sscemdfl.sys [14848 2010-12-21] (MCCI Corporation)
S3 sscemdm; C:\Windows\System32\DRIVERS\sscemdm.sys [123648 2010-12-21] (MCCI Corporation)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-02-24] (Avira GmbH)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [181344 2012-07-31] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 winachsf; C:\Windows\System32\DRIVERS\HSFCXTS2.sys [685056 2004-08-05] (Conexant Systems, Inc.)
S3 ZTEusbvoice; C:\Windows\System32\DRIVERS\ZTEusbvoice.sys [105344 2009-01-12] (ZTE Incorporated)
S4 IntelIde; No ImagePath
S3 PROCEXP151; \??\C:\WINDOWS\system32\Drivers\PROCEXP151.SYS [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2006-09-07] ()
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-01-09 21:06 - 2014-01-09 21:06 - 00020310 _____ C:\Documents and Settings\Nous tous\Bureau\FRST.txt
2014-01-09 21:06 - 2014-01-09 21:06 - 00000000 ____D C:\FRST
2014-01-09 20:47 - 2014-01-09 20:48 - 01065947 _____ (Farbar) C:\Documents and Settings\Nous tous\Bureau\FRST.exe
2014-01-09 20:45 - 2014-01-09 20:45 - 01931770 _____ (Farbar) C:\Documents and Settings\Nous tous\Bureau\FRST64.exe
2014-01-09 13:24 - 2014-01-09 13:24 - 00000742 _____ C:\Documents and Settings\All Users\Bureau\Ma-Config.com - Démarrer la détection.lnk
2014-01-09 13:24 - 2014-01-09 13:24 - 00000000 ____D C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ma-config.com
2014-01-06 09:36 - 2014-01-06 09:36 - 00090112 _____ C:\WINDOWS\Minidump\Mini010614-01.dmp
2013-12-26 10:11 - 2013-12-26 10:11 - 00000000 ____D C:\Documents and Settings\All Users\Menu Démarrer\Programmes\PrintMe Internet Printing
2013-12-12 12:16 - 2013-12-12 12:16 - 00000000 ____D C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Google Earth
2013-12-11 19:45 - 2013-12-11 19:46 - 00013178 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-11 19:45 - 2013-12-11 19:46 - 00004033 _____ C:\WINDOWS\updspapi.log
2013-12-11 19:45 - 2013-12-11 19:45 - 00005350 _____ C:\WINDOWS\KB2904266.log
2013-12-11 19:45 - 2013-12-11 19:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-11 19:45 - 2013-12-11 19:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-11 19:42 - 2013-12-11 19:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-11 19:41 - 2014-01-07 13:51 - 00001130 _____ C:\WINDOWS\setupact.log
2013-12-11 19:41 - 2013-12-11 19:46 - 00036950 _____ C:\WINDOWS\FaxSetup.log
2013-12-11 19:41 - 2013-12-11 19:46 - 00017736 _____ C:\WINDOWS\ocgen.log
2013-12-11 19:41 - 2013-12-11 19:46 - 00014154 _____ C:\WINDOWS\tsoc.log
2013-12-11 19:41 - 2013-12-11 19:46 - 00012345 _____ C:\WINDOWS\comsetup.log
2013-12-11 19:41 - 2013-12-11 19:46 - 00007464 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-11 19:41 - 2013-12-11 19:46 - 00006001 _____ C:\WINDOWS\iis6.log
2013-12-11 19:41 - 2013-12-11 19:46 - 00002052 _____ C:\WINDOWS\ocmsn.log
2013-12-11 19:41 - 2013-12-11 19:46 - 00001854 _____ C:\WINDOWS\msgsocm.log
2013-12-11 19:41 - 2013-12-11 19:46 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-11 19:41 - 2013-12-11 19:45 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-11 19:41 - 2013-12-11 19:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-11 19:41 - 2013-12-11 19:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-11 19:41 - 2013-12-11 19:41 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-11 14:29 - 2013-12-11 19:45 - 00010493 _____ C:\WINDOWS\KB2898715.log
2013-12-11 14:29 - 2013-12-11 19:42 - 00009327 _____ C:\WINDOWS\KB2893294.log
2013-12-11 14:29 - 2013-12-11 19:41 - 00010081 _____ C:\WINDOWS\KB2893984.log
2013-12-11 14:29 - 2013-12-11 19:41 - 00008759 _____ C:\WINDOWS\KB2892075.log

==================== One Month Modified Files and Folders =======

2014-01-09 21:06 - 2014-01-09 21:06 - 00020310 _____ C:\Documents and Settings\Nous tous\Bureau\FRST.txt
2014-01-09 21:06 - 2014-01-09 21:06 - 00000000 ____D C:\FRST
2014-01-09 21:06 - 2011-03-11 15:29 - 00000000 ____D C:\Documents and Settings\Nous tous\Bureau
2014-01-09 20:48 - 2014-01-09 20:47 - 01065947 _____ (Farbar) C:\Documents and Settings\Nous tous\Bureau\FRST.exe
2014-01-09 20:45 - 2014-01-09 20:45 - 01931770 _____ (Farbar) C:\Documents and Settings\Nous tous\Bureau\FRST64.exe
2014-01-09 20:37 - 2012-05-09 16:48 - 00001002 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-01-09 20:14 - 2011-07-27 16:53 - 00001062 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-09 16:14 - 2011-07-27 16:53 - 00001058 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-09 14:36 - 2005-03-21 09:56 - 01425372 _____ C:\WINDOWS\WindowsUpdate.log
2014-01-09 14:34 - 2005-03-21 09:54 - 00000159 _____ C:\WINDOWS\wiadebug.log
2014-01-09 14:34 - 2005-03-21 09:54 - 00000050 _____ C:\WINDOWS\wiaservc.log
2014-01-09 14:33 - 2005-03-21 09:59 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2014-01-09 14:32 - 2005-03-21 09:59 - 00032600 _____ C:\WINDOWS\SchedLgU.Txt
2014-01-09 14:30 - 2012-12-24 17:33 - 00000000 ____D C:\Program Files\File Scout
2014-01-09 13:24 - 2014-01-09 13:24 - 00000742 _____ C:\Documents and Settings\All Users\Bureau\Ma-Config.com - Démarrer la détection.lnk
2014-01-09 13:24 - 2014-01-09 13:24 - 00000000 ____D C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ma-config.com
2014-01-09 13:24 - 2013-11-03 14:07 - 00000000 ____D C:\Program Files\ma-config.com
2014-01-09 13:24 - 2013-11-03 14:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\ma-config.com
2014-01-09 13:24 - 2005-03-21 09:53 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Démarrer\Programmes
2014-01-09 13:24 - 2005-03-21 09:53 - 00000000 ____D C:\Documents and Settings\All Users\Bureau
2014-01-09 12:57 - 2011-06-10 17:05 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2014-01-09 11:07 - 2005-03-21 09:55 - 00000000 ____D C:\WINDOWS\Registration
2014-01-09 09:56 - 2011-03-11 15:29 - 00000184 ___SH C:\Documents and Settings\Nous tous\ntuser.ini
2014-01-09 09:56 - 2011-03-11 15:29 - 00000000 ____D C:\Documents and Settings\Nous tous
2014-01-09 09:55 - 2011-03-11 19:22 - 00000000 ____D C:\WINDOWS\pss
2014-01-09 09:55 - 2005-03-21 09:53 - 00000000 ___RD C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
2014-01-09 09:55 - 1980-01-01 00:00 - 00000709 _____ C:\WINDOWS\win.ini
2014-01-09 09:55 - 1980-01-01 00:00 - 00000227 _____ C:\WINDOWS\system.ini
2014-01-09 09:55 - 1980-01-01 00:00 - 00000216 ____N C:\boot.ini
2014-01-07 13:51 - 2013-12-11 19:41 - 00001130 _____ C:\WINDOWS\setupact.log
2014-01-07 13:51 - 2013-11-13 14:48 - 00093797 _____ C:\WINDOWS\setupapi.log
2014-01-07 13:41 - 2013-09-08 14:39 - 00000000 ____D C:\Documents and Settings\Nous tous\Mes documents\Divers courriers
2014-01-06 15:39 - 2011-03-11 15:59 - 00000000 ____D C:\Documents and Settings\Nous tous\Application Data\Winamp
2014-01-06 09:36 - 2014-01-06 09:36 - 00090112 _____ C:\WINDOWS\Minidump\Mini010614-01.dmp
2014-01-06 09:36 - 2012-03-01 16:36 - 00000000 ____D C:\WINDOWS\Minidump
2014-01-06 09:33 - 1980-01-01 00:00 - 00001158 _____ C:\WINDOWS\system32\wpa.dbl
2014-01-03 12:46 - 2012-12-09 12:05 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-01-01 12:43 - 2011-03-11 15:59 - 00000000 ___RD C:\Documents and Settings\Nous tous\Mes documents\Mes images
2013-12-30 19:06 - 2011-03-11 15:59 - 00000000 ____D C:\Documents and Settings\Nous tous\Mes documents\Mes numérisations
2013-12-30 19:06 - 2005-03-21 09:55 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2013-12-26 10:20 - 2013-02-24 14:12 - 00135648 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-12-26 10:20 - 2013-02-24 14:12 - 00090400 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-12-26 10:12 - 2005-03-21 09:59 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-12-26 10:12 - 2005-03-21 09:59 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-12-26 10:11 - 2013-12-26 10:11 - 00000000 ____D C:\Documents and Settings\All Users\Menu Démarrer\Programmes\PrintMe Internet Printing
2013-12-26 10:11 - 2005-03-21 10:03 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Adobe
2013-12-26 10:10 - 2005-03-21 09:55 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-12-21 19:08 - 2011-03-12 13:28 - 00000000 ____D C:\Documents and Settings\Nous tous\Local Settings\Application Data\Adobe
2013-12-20 15:55 - 2012-07-30 13:42 - 00000000 ____D C:\Documents and Settings\Nous tous\Mes documents\Sinistre tél florian
2013-12-20 15:00 - 2011-03-12 11:07 - 00000000 ____D C:\Documents and Settings\Nous tous\Application Data\Adobe
2013-12-19 14:45 - 2011-03-11 15:42 - 00000000 ____D C:\Program Files\Google
2013-12-19 14:43 - 2011-03-12 13:27 - 00000000 ____D C:\Program Files\Fichiers communs\Adobe
2013-12-19 14:42 - 2005-03-21 10:03 - 00000000 ____D C:\Program Files\Adobe
2013-12-19 14:15 - 2011-03-11 15:29 - 00000000 ___RD C:\Documents and Settings\Nous tous\Favoris
2013-12-14 17:40 - 2011-06-14 20:42 - 00000000 ____D C:\Documents and Settings\Nous tous\Local Settings\Application Data\Google
2013-12-14 16:21 - 2011-03-12 10:32 - 00000613 _____ C:\WINDOWS\ULEAD32.INI
2013-12-14 11:49 - 2011-04-03 09:52 - 00087040 _____ C:\Documents and Settings\Nous tous\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-12-12 12:16 - 2013-12-12 12:16 - 00000000 ____D C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Google Earth
2013-12-12 12:10 - 2005-03-21 09:53 - 03676432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-11 19:46 - 2013-12-11 19:45 - 00013178 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-11 19:46 - 2013-12-11 19:45 - 00004033 _____ C:\WINDOWS\updspapi.log
2013-12-11 19:46 - 2013-12-11 19:41 - 00036950 _____ C:\WINDOWS\FaxSetup.log
2013-12-11 19:46 - 2013-12-11 19:41 - 00017736 _____ C:\WINDOWS\ocgen.log
2013-12-11 19:46 - 2013-12-11 19:41 - 00014154 _____ C:\WINDOWS\tsoc.log
2013-12-11 19:46 - 2013-12-11 19:41 - 00012345 _____ C:\WINDOWS\comsetup.log
2013-12-11 19:46 - 2013-12-11 19:41 - 00007464 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-11 19:46 - 2013-12-11 19:41 - 00006001 _____ C:\WINDOWS\iis6.log
2013-12-11 19:46 - 2013-12-11 19:41 - 00002052 _____ C:\WINDOWS\ocmsn.log
2013-12-11 19:46 - 2013-12-11 19:41 - 00001854 _____ C:\WINDOWS\msgsocm.log
2013-12-11 19:46 - 2013-12-11 19:41 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-11 19:46 - 2011-03-12 10:19 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-11 19:45 - 2013-12-11 19:45 - 00005350 _____ C:\WINDOWS\KB2904266.log
2013-12-11 19:45 - 2013-12-11 19:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-11 19:45 - 2013-12-11 19:45 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-11 19:45 - 2013-12-11 19:41 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-11 19:45 - 2013-12-11 14:29 - 00010493 _____ C:\WINDOWS\KB2898715.log
2013-12-11 19:45 - 2013-08-01 17:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-11 19:45 - 2011-03-12 10:13 - 00043616 _____ C:\WINDOWS\system32\TZLog.log
2013-12-11 19:42 - 2013-12-11 19:42 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-11 19:42 - 2013-12-11 14:29 - 00009327 _____ C:\WINDOWS\KB2893294.log
2013-12-11 19:42 - 2011-03-12 10:16 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-11 19:41 - 2013-12-11 19:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-11 19:41 - 2013-12-11 19:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-11 19:41 - 2013-12-11 19:41 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-12-11 19:41 - 2013-12-11 14:29 - 00010081 _____ C:\WINDOWS\KB2893984.log
2013-12-11 19:41 - 2013-12-11 14:29 - 00008759 _____ C:\WINDOWS\KB2892075.log
2013-12-11 18:37 - 2012-05-09 16:48 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-11 18:37 - 2011-05-15 15:50 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Documents and Settings\Nous tous\Local Settings\Temp\142.34390352277805_Update.exe
C:\Documents and Settings\Nous tous\Local Settings\Temp\161.0638965772474_Update.exe
C:\Documents and Settings\Nous tous\Local Settings\Temp\385.27302926782164_Update.exe
C:\Documents and Settings\Nous tous\Local Settings\Temp\63188uninstall.exe
C:\Documents and Settings\Nous tous\Local Settings\Temp\632.345222871856_Update.exe
C:\Documents and Settings\Nous tous\Local Settings\Temp\avgnt.exe
C:\Documents and Settings\Nous tous\Local Settings\Temp\bassmod.dll
C:\Documents and Settings\Nous tous\Local Settings\Temp\hpzmsi01.exe
C:\Documents and Settings\Nous tous\Local Settings\Temp\hpzscr01.exe
C:\Documents and Settings\Nous tous\Local Settings\Temp\MaConfigSetupTemp.exe
C:\Documents and Settings\Nous tous\Local Settings\Temp\Sqlite3.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe [1980-01-01 00:00] - [2008-04-14 03:34] - 0512000 ____A (Microsoft Corporation) dd73d6b9f6b4cb630cf35b438b540174
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll [1980-01-01 00:00] - [2008-04-14 03:33] - 0579584 ____A (Microsoft Corporation) e853f84d3ce2faa2a802e33cf89ac023
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll [1980-01-01 00:00] - [2009-02-09 11:53] - 0401408 ____A (Microsoft Corporation) 0203b1aad358f206cb0a3c1f93cce17a
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================