Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015 Ran by Dafour (administrator) on DAFOUR-B76E5A3B on 17-03-2015 21:10:17 Running from E:\Téléchargements Loaded Profiles: Dafour & UpdatusUser (Available profiles: Dafour & UpdatusUser) Platform: Microsoft Windows XP Édition familiale Service Pack 3 (X86) OS Language: Français (France) Internet Explorer Version 8 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Apple Inc.) C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (SEIKO EPSON CORPORATION) C:\Program Files\epson\MyEpson Portal\mepService.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneBusEnum.exe (Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIHLE.EXE () C:\Program Files\NETGEAR\WG311v3\WG311v3.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Farbar) E:\Téléchargements\FRST(1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Six Engine] => C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [5756544 2010-02-03] (ASUSTeK Computer Inc.) HKLM\...\Run: [AVP] => C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO) HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] => C:\Program Files\Fichiers communs\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.) HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup HKLM\...\Run: [Adobe ARM] => C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.) Winlogon\Notify\klogon: C:\WINDOWS\system32\klogon.dll (Kaspersky Lab ZAO) HKU\S-1-5-21-583907252-1788223648-1801674531-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation) HKU\S-1-5-21-583907252-1788223648-1801674531-1004\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHLE.EXE [249440 2012-02-29] (SEIKO EPSON CORPORATION) HKU\S-1-5-21-583907252-1788223648-1801674531-1004\...\Run: [uTorrent] => C:\Documents and Settings\Dafour\Application Data\uTorrent\uTorrent.exe [1742928 2015-03-04] (BitTorrent Inc.) HKU\S-1-5-21-583907252-1788223648-1801674531-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-02-17] (Google Inc.) HKU\S-1-5-21-583907252-1788223648-1801674531-1004\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1 HKU\S-1-5-21-583907252-1788223648-1801674531-1004\...\MountPoints2: {04a44987-ba0f-11e2-a65b-4c60de5c47cf} - G:\iStudio.exe Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\NETGEAR WG311v3 Smart Wizard.lnk ShortcutTarget: NETGEAR WG311v3 Smart Wizard.lnk -> C:\Program Files\NETGEAR\WG311v3\WG311v3.exe () ShellIconOverlayIdentifiers: [Fichiers hors connexion] -> {750fdf0e-2a26-11d1-a3ea-080036587f03} => C:\WINDOWS\System32\cscui.dll (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-583907252-1788223648-1801674531-1008\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: [S-1-5-21-583907252-1788223648-1801674531-1008] ATTENTION ==> Default URLSearchHook is missing. SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\.DEFAULT -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-583907252-1788223648-1801674531-1004 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}&rlz=1I7MXGB_frFR523 SearchScopes: HKU\S-1-5-21-583907252-1788223648-1801674531-1008 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2013-12-11] (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-05-20] (Kaspersky Lab ZAO) BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2013-12-18] (Oracle Corporation) BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll [2013-12-11] (Kaspersky Lab ZAO) BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll [2013-10-09] (Google Inc.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-12-18] (Oracle Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll [2013-12-11] (Kaspersky Lab ZAO) BHO: ChromeFrame BHO -> {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} -> C:\Program Files\Google\Chrome Frame\Application\27.0.1453.110\npchrome_frame.dll [2013-05-29] (Google Inc.) Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\27.0.1453.110\npchrome_frame.dll [2013-05-29] (Google Inc.) Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation) Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation) Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation) Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation) Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation) Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation) Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL [2002-05-23] (Microsoft Corporation) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Fichiers communs\Skype\Skype4COM.dll [2013-02-26] (Skype Technologies) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 212.27.40.241 212.27.40.240 StartMenuInternet: IEXPLORE.EXE - iexplore.exe FireFox: ======== FF ProfilePath: C:\Documents and Settings\Dafour\Application Data\Mozilla\Firefox\Profiles\ll7n1v4l.default FF SelectedSearchEngine: Google FF Homepage: https://www.google.fr/?gws_rd=ssl FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] () FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll [2012-08-08] (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2013-12-18] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2013-12-18] (Oracle Corporation) FF Plugin: @ma-config.com/HardwareDetection -> C:\Program Files\ma-config.com\nphardwaredetection.dll [2012-09-02] (Cybelsoft) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-12] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll [2014-02-12] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2012-06-27] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.) FF Extension: Français Language Pack - C:\Documents and Settings\Dafour\Application Data\Mozilla\Firefox\Profiles\ll7n1v4l.default\Extensions\langpack-fr@firefox.mozilla.org.xpi [2014-04-15] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-09-10] FF HKLM\...\Firefox\Extensions: [url_advisor@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2012-09-10] FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Kaspersky виртуелна тастатура - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2012-09-10] FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Gevaarlijke websiteblokkering - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2012-09-10] FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2012-09-10] FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2012-09-10] FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2012-12-31] Chrome: ======= CHR Profile: C:\Documents and Settings\Dafour\Local Settings\Application Data\Google\Chrome\User Data\Default CHR Extension: (Docs) - C:\Documents and Settings\Dafour\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-14] CHR Extension: (Google Drive) - C:\Documents and Settings\Dafour\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14] CHR Extension: (YouTube) - C:\Documents and Settings\Dafour\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-14] CHR Extension: (Google Search) - C:\Documents and Settings\Dafour\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-14] CHR Extension: (Kaspersky URL Advisor) - C:\Documents and Settings\Dafour\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2014-04-14] CHR Extension: (Safe Money) - C:\Documents and Settings\Dafour\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2014-04-14] CHR Extension: (Virtual Keyboard) - C:\Documents and Settings\Dafour\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2014-04-14] CHR Extension: (Google Wallet) - C:\Documents and Settings\Dafour\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-30] CHR Extension: (Gmail) - C:\Documents and Settings\Dafour\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-14] CHR Extension: (Anti-Banner) - C:\Documents and Settings\Dafour\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2014-04-14] CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-08-17] CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-08-17] CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-08-17] CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-08-17] CHR HKLM\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found] CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-08-17] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 Apple Mobile Device; C:\Program Files\Fichiers communs\Apple\Mobile Device Support\AppleMobileDeviceService.exe [60744 2015-01-19] (Apple Inc.) R2 AVP; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation) S3 maconfservice; C:\Program Files\ma-config.com\maconfservice.exe [312264 2012-09-02] (CybelSoft) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 MyEpson Portal Service; C:\Program Files\EPSON\MyEpson Portal\mepService.exe [703984 2014-09-22] (SEIKO EPSON CORPORATION) S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [652800 2010-02-26] (Nokia) [File not signed] R2 ZuneBusEnum; C:\Program Files\Zune\ZuneBusEnum.exe [57056 2011-08-05] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 ahcix86; C:\WINDOWS\System32\DRIVERS\ahcix86.sys [187960 2009-10-06] (Advanced Micro Devices, Inc) S3 Ambfilt; C:\WINDOWS\System32\drivers\Ambfilt.sys [1691480 2009-11-18] (Creative) R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [11296 2009-08-04] () R3 asmthub3; C:\WINDOWS\System32\DRIVERS\asmthub3.sys [102888 2011-11-03] (ASMedia Technology Inc) R3 asmtxhci; C:\WINDOWS\System32\DRIVERS\asmtxhci.sys [313832 2011-11-03] (ASMedia Technology Inc) R0 BootDefragDriver; C:\WINDOWS\System32\drivers\BootDefragDriver.sys [13056 2013-10-24] () S3 driverhardwarev2; C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [16640 2011-07-21] (CybelSoft) R0 kl1; C:\WINDOWS\System32\DRIVERS\kl1.sys [135776 2013-12-11] (Kaspersky Lab ZAO) R1 KLIF; C:\WINDOWS\System32\DRIVERS\klif.sys [595040 2014-05-20] (Kaspersky Lab ZAO) R3 klim5; C:\WINDOWS\System32\DRIVERS\klim5.sys [35672 2012-06-27] (Kaspersky Lab ZAO) R3 klkbdflt; C:\WINDOWS\System32\DRIVERS\klkbdflt.sys [24160 2013-10-10] (Kaspersky Lab ZAO) R3 klmouflt; C:\WINDOWS\System32\DRIVERS\klmouflt.sys [24672 2013-10-10] (Kaspersky Lab ZAO) R1 kltdi; C:\WINDOWS\System32\DRIVERS\kltdi.sys [44000 2013-06-19] (Kaspersky Lab ZAO) R1 kneps; C:\WINDOWS\System32\DRIVERS\kneps.sys [145224 2015-02-17] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation) S3 Monfilt; C:\WINDOWS\System32\drivers\Monfilt.sys [1395800 2009-11-18] (Creative Technology Ltd.) R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-13] () R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [124264 2012-07-03] (NVIDIA Corporation) R3 RTL8192cu; C:\WINDOWS\System32\DRIVERS\WNA1000M.sys [994664 2011-01-31] (Realtek Semiconductor Corporation ) S3 W8335XP; C:\WINDOWS\System32\DRIVERS\WG311v3XP.sys [282624 2005-12-29] (Marvell Semiconductor, Inc) [File not signed] R2 zumbus; C:\WINDOWS\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation) S3 cpuz134; \??\C:\WINDOWS\TEMP\cpuz134\cpuz134_x32.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S4 IntelIde; No ImagePath U5 klflt; C:\Windows\System32\Drivers\klflt.sys [74336 2014-05-20] (Kaspersky Lab ZAO) S3 ProcObsrv; \??\C:\Program Files\Glary Utilities 3\ProcObsrv.sys [X] U1 WS2IFSL; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-17 20:51 - 2015-03-17 20:51 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Démarrer\Programmes\ZHP 2015-03-17 13:29 - 2015-03-17 19:47 - 00009666 _____ () C:\WINDOWS\setupapi.log 2015-03-17 12:13 - 2015-03-17 12:13 - 00022567 _____ () C:\Documents and Settings\Dafour\Bureau\mode.txt 2015-03-17 08:05 - 2015-03-17 08:05 - 00024771 _____ () C:\Documents and Settings\Dafour\Bureau\eset online scanner.txt 2015-03-16 17:59 - 2015-03-16 17:59 - 00000000 ____D () C:\Program Files\ESET 2015-03-16 08:51 - 2015-03-17 18:55 - 00017408 _____ () C:\Documents and Settings\Dafour\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2015-03-15 21:12 - 2015-03-15 20:53 - 01135104 _____ (Farbar) C:\Documents and Settings\Dafour\Bureau\FRST(1).exe 2015-03-15 17:38 - 2015-03-15 17:38 - 00030097 _____ () C:\Documents and Settings\Dafour\Bureau\FRST.txt deux.txt 2015-03-15 17:37 - 2015-03-15 17:37 - 00035163 _____ () C:\Documents and Settings\Dafour\Bureau\Addition.txt premier.txt 2015-03-15 17:36 - 2015-03-17 21:10 - 00000000 ____D () C:\FRST 2015-03-15 16:18 - 2015-03-17 18:47 - 00000120 _____ () C:\WINDOWS\setupact.log 2015-03-15 16:18 - 2015-03-15 16:18 - 00000000 _____ () C:\WINDOWS\setuperr.log 2015-03-15 14:54 - 2015-03-15 14:54 - 00001481 _____ () C:\Documents and Settings\Dafour\Bureau\ZHPFixReport.txt 2015-03-15 12:00 - 2015-03-15 12:00 - 00115782 _____ () C:\Documents and Settings\Dafour\Bureau\ZHPDiag.txt rep.txt 2015-03-15 11:58 - 2015-03-15 11:58 - 00115782 _____ () C:\Documents and Settings\Dafour\Bureau\ZHPDiag.txt 2015-03-15 11:54 - 2015-03-15 11:54 - 00001628 _____ () C:\Documents and Settings\Dafour\Bureau\ZHPFix.lnk 2015-03-15 11:54 - 2015-03-15 11:54 - 00001523 _____ () C:\Documents and Settings\Dafour\Bureau\ZHPDiag.lnk 2015-03-15 10:31 - 2015-03-15 11:46 - 00004049 _____ () C:\Documents and Settings\Dafour\Bureau\ZHPCleaner.txt 2015-03-15 10:27 - 2015-03-15 11:36 - 00000812 _____ () C:\Documents and Settings\Dafour\Bureau\ZHPCleaner.lnk 2015-03-07 23:17 - 2015-03-17 20:50 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2015-03-04 13:26 - 2015-03-04 13:26 - 00000104 _____ () C:\Documents and Settings\Dafour\Bureau\Raccourci vers Corbeille.lnk 2015-03-02 16:17 - 2015-03-02 16:17 - 00000000 ____D () C:\Documents and Settings\Dafour\Local Settings\Application Data\eMule0.60 2015-03-02 16:00 - 2015-03-02 16:00 - 00000152 _____ () C:\WINDOWS\$PREFFILE 2015-02-28 12:49 - 2015-02-28 12:49 - 00369495 _____ () C:\Documents and Settings\Dafour\Bureau\photo.php 2015-02-19 18:09 - 2015-02-19 18:09 - 00001542 _____ () C:\Documents and Settings\All Users\Bureau\iTunes.lnk 2015-02-19 18:09 - 2015-02-19 18:09 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Démarrer\Programmes\iTunes ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-03-17 21:10 - 2012-09-10 08:46 - 00000000 ____D () C:\Documents and Settings\Dafour\Local Settings\Temp 2015-03-17 21:00 - 2014-09-02 19:15 - 00000000 ____D () C:\Documents and Settings\Dafour\Application Data\uTorrent 2015-03-17 20:55 - 2012-09-10 13:32 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kaspersky Lab 2015-03-17 20:54 - 2014-03-19 09:13 - 00000224 _____ () C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP - à la connexion.job 2015-03-17 20:54 - 2012-09-10 08:40 - 01220930 _____ () C:\WINDOWS\WindowsUpdate.log 2015-03-17 20:52 - 2013-09-24 09:11 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2015-03-17 20:52 - 2013-09-24 09:11 - 00000050 _____ () C:\WINDOWS\wiaservc.log 2015-03-17 20:52 - 2012-09-10 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2015-03-17 20:51 - 2014-04-13 17:59 - 00000000 ____D () C:\Program Files\ZHPDiag 2015-03-17 20:51 - 2014-04-13 17:59 - 00000000 ____D () C:\Documents and Settings\Dafour\Application Data\ZHP 2015-03-17 20:51 - 2012-09-10 10:29 - 00000000 __SHD () C:\Documents and Settings\Default User\Local Settings\Historique 2015-03-17 20:51 - 2012-09-10 10:29 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Démarrer\Programmes 2015-03-17 20:51 - 2012-09-10 08:46 - 00000000 ____D () C:\Documents and Settings\Dafour\Bureau 2015-03-17 20:51 - 2012-09-10 08:46 - 00000000 ____D () C:\Documents and Settings\Dafour 2015-03-17 20:50 - 2013-07-28 19:47 - 00000000 ____D () C:\WINDOWS\system32\MRT 2015-03-17 20:48 - 2014-04-15 15:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2015-03-17 20:42 - 2013-09-24 09:10 - 00032532 _____ () C:\WINDOWS\SchedLgU.Txt 2015-03-17 20:41 - 2013-11-28 09:19 - 00000000 ____D () C:\Documents and Settings\Dafour\Bureau\a garder 2015-03-17 20:25 - 2012-11-09 13:46 - 00001002 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2015-03-17 18:20 - 2014-07-01 18:14 - 00114904 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2015-03-17 18:11 - 2012-09-10 08:46 - 00000184 ___SH () C:\Documents and Settings\Dafour\ntuser.ini 2015-03-17 12:32 - 2012-09-10 09:22 - 00000000 ____D () C:\WINDOWS\Microsoft.NET 2015-03-17 12:22 - 2012-09-10 10:29 - 01615898 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2015-03-17 11:06 - 2013-06-08 07:08 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat 2015-03-16 16:57 - 2012-09-16 17:51 - 00000000 ____D () C:\Documents and Settings\Dafour\Application Data\vlc 2015-03-16 16:55 - 2012-09-10 08:45 - 00000000 ___HD () C:\Documents and Settings\LocalService\Local Settings\Historique 2015-03-15 21:15 - 2012-09-10 08:46 - 00000000 __SHD () C:\Documents and Settings\Dafour\Local Settings\Historique 2015-03-15 21:13 - 2014-02-18 21:11 - 00000184 ___SH () C:\Documents and Settings\UpdatusUser\ntuser.ini 2015-03-15 21:13 - 2014-02-18 21:11 - 00000000 ___HD () C:\Documents and Settings\UpdatusUser\Local Settings\Historique 2015-03-15 21:13 - 2012-09-10 08:45 - 00000000 ____D () C:\Documents and Settings\LocalService\Local Settings\Temp 2015-03-15 21:13 - 2012-09-10 08:43 - 00000000 ___HD () C:\Documents and Settings\NetworkService\Local Settings\Historique 2015-03-15 21:13 - 2012-09-10 08:43 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp 2015-03-15 11:58 - 2014-04-13 18:02 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin 2015-03-14 20:40 - 2014-02-18 09:06 - 00000000 ____D () C:\AdwCleaner 2015-03-14 08:45 - 2008-04-14 13:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl 2015-03-13 15:52 - 2012-09-10 13:55 - 00000000 ____D () C:\Documents and Settings\Dafour\Bureau\vu 2015-03-13 13:05 - 2014-11-25 18:32 - 00000000 ____D () C:\Documents and Settings\Dafour\Bureau\enfant 2015-03-12 16:33 - 2013-02-05 20:32 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2015-03-11 21:18 - 2012-09-11 09:11 - 119837696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2015-03-08 15:00 - 2014-03-19 09:13 - 00000218 _____ () C:\WINDOWS\Tasks\Notification de fin de service de Microsoft Windows XP -mensuellement.job 2015-03-08 10:24 - 2012-09-10 08:39 - 00000000 ____D () C:\WINDOWS\srchasst 2015-03-03 08:45 - 2014-02-17 19:17 - 00001024 ____H () C:\WINDOWS\system32\config\elam.LOG 2015-03-02 22:18 - 2012-10-07 12:54 - 00065536 _____ () C:\WINDOWS\system32\config\TuneUp.evt 2015-03-02 16:28 - 2013-09-29 17:11 - 00000000 ____D () C:\Program Files\TuneUp Utilities 2014 2015-03-02 16:28 - 2012-09-10 10:29 - 00000000 ____D () C:\Documents and Settings\All Users\Bureau 2015-03-02 16:17 - 2012-09-10 08:46 - 00000000 ___RD () C:\Documents and Settings\Dafour\Menu Démarrer\Programmes 2015-02-28 12:51 - 2013-09-08 09:38 - 00090624 ___SH () C:\Documents and Settings\Dafour\Bureau\Thumbs.db 2015-02-24 21:19 - 2012-09-10 13:47 - 00000000 ____D () C:\Documents and Settings\Dafour\Bureau\a voir 2015-02-19 18:09 - 2013-10-08 10:54 - 00000000 ____D () C:\Program Files\iTunes 2015-02-19 18:08 - 2013-10-08 10:54 - 00000000 ____D () C:\Program Files\iPod 2015-02-17 18:13 - 2012-08-13 15:49 - 00145224 _____ (Kaspersky Lab ZAO) C:\WINDOWS\system32\Drivers\kneps.sys ==================== Files in the root of some directories ======= 2015-03-16 08:51 - 2015-03-17 18:55 - 0017408 _____ () C:\Documents and Settings\Dafour\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\WINDOWS\explorer.exe => File is digitally signed C:\WINDOWS\system32\winlogon.exe => File is digitally signed C:\WINDOWS\system32\svchost.exe => File is digitally signed C:\WINDOWS\system32\services.exe => File is digitally signed C:\WINDOWS\system32\User32.dll => File is digitally signed C:\WINDOWS\system32\userinit.exe => File is digitally signed C:\WINDOWS\system32\rpcss.dll => File is digitally signed C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed ==================== End Of Log ============================