Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:18-06-2014
Ran by Atelier (administrator) on LAYOLE on 18-06-2014 22:36:51
Running from C:\Documents and Settings\Atelier\Bureau
Platform: Microsoft Windows XP Professionnel Service Pack 2 (X86) OS Language: Français (France)
Internet Explorer Version 6
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(FinePrint Software, LLC) C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis1.exe
(Avira GmbH) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Adobe Systems Incorporated) C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
() C:\WINDOWS\system32\ServoApp.exe
(Edimax Technology Co., Ltd.) C:\Program Files\MFP Server\App\Common\MFPAgent.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIEGE.EXE
() C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATIPTA] => C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2006-02-09] (ATI Technologies, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [pdfFactory Pro Dispatcher v1] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis1.exe [376832 2003-06-14] (FinePrint Software, LLC)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [209153 2009-03-02] (Avira GmbH)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1848648 2008-03-18] (CANON INC.)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2009-12-18] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-09-21] (Adobe Systems Incorporated)
HKLM\...\Run: [MFP Manager] => C:\Program Files\MFP Server\MFPAgent.exe -CheckAutoRun
HKLM\...\Run: [Server Application] => C:\WINDOWS\system32\ServoApp.exe [417792 2007-05-20] ()
HKLM\...\Run: [GDI Manager] => C:\Program Files\MFP Server\App\Common\MFPAgent.exe [741376 2008-05-06] (Edimax Technology Co., Ltd.)
HKU\.DEFAULT\...\RunOnce: [nlsf] - cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
HKU\.DEFAULT\...\RunOnce: [nlhr] - RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2005-12-15] (Microsoft Corporation)
HKU\S-1-5-19\...\RunOnce: [nlsf] - cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
HKU\S-1-5-19\...\RunOnce: [nlhr] - RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
HKU\S-1-5-19\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2005-12-15] (Microsoft Corporation)
HKU\S-1-5-20\...\RunOnce: [nlsf] - cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
HKU\S-1-5-20\...\RunOnce: [nlhr] - RunDll32.exe %SystemRoot%\System32\AdvPack.Dll,LaunchINFSection %SystemRoot%\inf\nlite.inf,C
HKU\S-1-5-20\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2005-12-15] (Microsoft Corporation)
HKU\S-1-5-21-746137067-1450960922-839522115-1003\...\Run: [EPSON Stylus SX400 Series] => C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE [188928 2007-12-17] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-746137067-1450960922-839522115-1003\...\MountPoints2: {0f397ba2-a9e3-11df-a309-0011117932e1} - G:\PMBP_Win.exe
HKU\S-1-5-21-746137067-1450960922-839522115-1003\...\MountPoints2: {fd5568bf-5a73-11e3-a50e-0011117932e1} - E:\Samsung_Drive_Manager.exe
Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Lancer l'utilitaire Olitec.lnk
ShortcutTarget: Lancer l'utilitaire Olitec.lnk -> C:\Program Files\OLITEC - Moniteur réseau 802.11g\WlanUtil.exe ()
Startup: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Documents and Settings\Atelier\Menu Démarrer\Programmes\Démarrage\Canon IJ Status Monitor Canon iP4600 series.lnk
ShortcutTarget: Canon IJ Status Monitor Canon iP4600 series.lnk -> C:\DOCUME~1\Atelier\CNMSSC~1.DLL,SMStarterEntryPoint USB001;Canon iP4600 series;cnmss Canon iP4600 series (Local).dll;Canon IJ Status Monitor Canon iP4600 series.lnk (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=ir_14_10_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyBzytAtB0EtC0DtB0EtAtN0D0Tzu0SyBzyzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByByDtC0BtD0B0EtG0CtAyCyDtGtD0B0E0EtG0B0D0DzztGtCyC0Bzz0D0Ezy0CyEtBzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0C0BzzyByDyBtGyB0DtDyDtGyCtCzzyEtGyB0C0A0DtGtAyCtBtAtC0AtByDyDtB0ByD2Q&cr=1831518434&ir=
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=ir_14_10_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyBzytAtB0EtC0DtB0EtAtN0D0Tzu0SyBzyzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByByDtC0BtD0B0EtG0CtAyCyDtGtD0B0E0EtG0B0D0DzztGtCyC0Bzz0D0Ezy0CyEtBzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0C0BzzyByDyBtGyB0DtDyDtGyCtCzzyEtGyB0C0A0DtGtAyCtBtAtC0AtByDyDtB0ByD2Q&cr=1831518434&ir=
SearchScopes: HKLM - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_10_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyBzytAtB0EtC0DtB0EtAtN0D0Tzu0SyBzyzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByByDtC0BtD0B0EtG0CtAyCyDtGtD0B0E0EtG0B0D0DzztGtCyC0Bzz0D0Ezy0CyEtBzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0C0BzzyByDyBtGyB0DtDyDtGyCtCzzyEtGyB0C0A0DtGtAyCtBtAtC0AtByDyDtB0ByD2Q&cr=1831518434&ir=
SearchScopes: HKLM - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_10_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyBzytAtB0EtC0DtB0EtAtN0D0Tzu0SyBzyzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByByDtC0BtD0B0EtG0CtAyCyDtGtD0B0E0EtG0B0D0DzztGtCyC0Bzz0D0Ezy0CyEtBzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0C0BzzyByDyBtGyB0DtDyDtGyCtCzzyEtGyB0C0A0DtGtAyCtBtAtC0AtByDyDtB0ByD2Q&cr=1831518434&ir=
SearchScopes: HKCU - DefaultScope {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_10_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyBzytAtB0EtC0DtB0EtAtN0D0Tzu0SyBzyzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByByDtC0BtD0B0EtG0CtAyCyDtGtD0B0E0EtG0B0D0DzztGtCyC0Bzz0D0Ezy0CyEtBzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0C0BzzyByDyBtGyB0DtDyDtGyCtCzzyEtGyB0C0A0DtGtAyCtBtAtC0AtByDyDtB0ByD2Q&cr=1831518434&ir=
SearchScopes: HKCU - {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = http://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_10_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyBzytAtB0EtC0DtB0EtAtN0D0Tzu0SyBzyzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByByDtC0BtD0B0EtG0CtAyCyDtGtD0B0E0EtG0B0D0DzztGtCyC0Bzz0D0Ezy0CyEtBzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0C0BzzyByDyBtGyB0DtDyDtGyCtCzzyEtGyB0C0A0DtGtAyCtBtAtC0AtByDyDtB0ByD2Q&cr=1831518434&ir=
BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
BHO: mysearchdial Helper Object - {EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} - C:\Program Files\Mysearchdial\1.8.29.0\bh\mysearchdial.dll (MySearchDial)
Toolbar: HKLM - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - mysearchdial Toolbar - {3004627E-F8E9-4E8B-909D-316753CBA923} - C:\Program Files\Mysearchdial\1.8.29.0\mysearchdialTlbr.dll (MySearchDial)
Toolbar: HKCU - &Adresse - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Liens - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Fichiers communs\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Atelier\Application Data\Mozilla\Firefox\Profiles\kpgrsdkp.default
FF DefaultSearchEngine: Mysearchdial
FF SearchEngineOrder.1: Mysearchdial
FF SelectedSearchEngine: Mysearchdial
FF Homepage: hxxp://start.mysearchdial.com/?f=1&a=ir_14_10_ff&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCyBzytAtB0EtC0DtB0EtAtN0D0Tzu0SyBzyzytN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2StByByDtC0BtD0B0EtG0CtAyCyDtGtD0B0E0EtG0B0D0DzztGtCyC0Bzz0D0Ezy0CyEtBzy0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyByC0C0BzzyByDyBtGyB0DtDyDtGyCtCzzyEtGyB0C0A0DtGtAyCtBtAtC0AtByDyDtB0ByD2Q&cr=1831518434&ir=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Documents and Settings\Atelier\Application Data\Mozilla\Firefox\Profiles\kpgrsdkp.default\user.js
FF SearchPlugin: C:\Documents and Settings\Atelier\Application Data\Mozilla\Firefox\Profiles\kpgrsdkp.default\searchplugins\Mysearchdial.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazon-france.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\cnrtl-tlfi-fr.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-france.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-france.xml
FF Extension: mysearchdial.com - C:\Documents and Settings\Atelier\Application Data\Mozilla\Firefox\Profiles\kpgrsdkp.default\Extensions\ffxtlbr@mysearchdial.com [2014-03-10]
FF Extension: Mega Browse - C:\Documents and Settings\Atelier\Application Data\Mozilla\Firefox\Profiles\kpgrsdkp.default\Extensions\{29b136c9-938d-4d3d-8df8-d649d9b74d02}.xpi [2014-03-07]
FF Extension: MySearchDial - C:\Documents and Settings\Atelier\Application Data\Mozilla\Firefox\Profiles\kpgrsdkp.default\Extensions\{ad9a41d2-9a49-4fa6-a79e-71a0785364c8}.xpi [2014-03-16]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\Documents and Settings\All Users\Application Data\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

========================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [108289 2011-06-23] (Avira GmbH) [File not signed]
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [185089 2011-06-23] (Avira GmbH) [File not signed]
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [520192 2006-02-09] () [File not signed]
S3 dmadmin; C:\WINDOWS\System32\dmadmin.exe [224768 2005-12-15] (Microsoft Corp., Veritas Software) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
R2 MDM; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 odserv; C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE [441136 2006-10-26] (Microsoft Corporation)
S3 ose; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [145184 2006-10-26] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS\system32\mspmsnsv.dll [25088 2005-12-15] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

R2 ALIWEHCD; C:\WINDOWS\System32\Drivers\mfpec.sys [34944 2007-05-06] (None)
R1 avgio; C:\Program Files\Avira\AntiVir Desktop\avgio.sys [11608 2009-02-13] (Avira GmbH)
R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [56816 2011-06-23] (Avira GmbH)
R1 avipbb; C:\WINDOWS\System32\DRIVERS\avipbb.sys [96104 2009-03-30] (Avira GmbH)
S4 dmboot; C:\WINDOWS\System32\drivers\dmboot.sys [799744 2005-12-15] (Microsoft Corp., Veritas Software) [File not signed]
S3 OLITEC(OLITEC); C:\WINDOWS\System32\DRIVERS\zd1211u.sys [247296 2004-09-29] (ZyDAS Technology Corporation) [File not signed]
R2 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [163644 2005-12-15] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [File not signed]
R1 ssmdrv; C:\WINDOWS\System32\DRIVERS\ssmdrv.sys [28520 2011-06-23] (Avira GmbH)
R1 Tcpip; C:\WINDOWS\System32\DRIVERS\tcpip.sys [359808 2005-12-15] (Microsoft Corporation) [File not signed]
S3 WlanUIG; C:\WINDOWS\System32\DRIVERS\WlanUIG.sys [379456 2005-06-17] (Conexant Systems, Inc.)
R3 WUSBVBus; C:\WINDOWS\System32\DRIVERS\mfpvbus.sys [10240 2006-10-20] (None)
R3 ZDPNDIS5; C:\WINDOWS\system32\ZDPNDIS5.SYS [17151 2004-01-14] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 PCANDIS5; \??\C:\WINDOWS\system32\PCANDIS5.SYS [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-18 22:36 - 2014-06-18 22:37 - 00017144 _____ () C:\Documents and Settings\Atelier\Bureau\FRST.txt
2014-06-18 22:35 - 2014-06-18 22:35 - 01072128 _____ (Farbar) C:\Documents and Settings\Atelier\Bureau\FRST.exe
2014-06-18 22:23 - 2014-06-18 22:36 - 00000000 ____D () C:\FRST
2014-06-12 21:47 - 2014-06-12 21:47 - 00000000 ____D () C:\Documents and Settings\Atelier\Local Settings\Application Data\Adobe
2014-06-09 14:31 - 2014-06-09 14:31 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-09 14:31 - 2014-06-09 14:31 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Démarrer\Programmes\McAfee Security Scan Plus

==================== One Month Modified Files and Folders =======

2014-06-18 22:37 - 2014-06-18 22:36 - 00017144 _____ () C:\Documents and Settings\Atelier\Bureau\FRST.txt
2014-06-18 22:37 - 2009-10-27 09:58 - 00000000 ____D () C:\Documents and Settings\Atelier\Local Settings\Temp
2014-06-18 22:36 - 2014-06-18 22:23 - 00000000 ____D () C:\FRST
2014-06-18 22:36 - 2009-10-27 09:58 - 00000000 ____D () C:\Documents and Settings\Atelier\Bureau
2014-06-18 22:35 - 2014-06-18 22:35 - 01072128 _____ (Farbar) C:\Documents and Settings\Atelier\Bureau\FRST.exe
2014-06-18 22:35 - 2013-12-21 11:08 - 00000000 ____D () C:\Documents and Settings\Atelier\Mes documents\Téléchargements
2014-06-18 22:34 - 2009-10-27 09:58 - 00000000 ___RD () C:\Documents and Settings\Atelier\Menu Démarrer\Programmes
2014-06-18 22:32 - 2014-03-07 18:17 - 00001058 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-18 22:06 - 2013-12-23 10:26 - 00001002 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-06-18 22:01 - 2014-03-09 22:39 - 00000398 _____ () C:\WINDOWS\Tasks\ProgramUpdateCheck.job
2014-06-18 21:56 - 2009-10-27 10:25 - 01012756 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-18 21:52 - 2009-10-27 10:27 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-18 21:52 - 2009-10-27 10:27 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-06-18 21:52 - 2009-10-27 09:33 - 01604116 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-18 21:51 - 2014-03-07 18:17 - 00001054 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-18 21:51 - 2009-10-27 09:57 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-18 21:51 - 2005-12-15 14:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-16 12:58 - 2009-10-27 09:58 - 00000184 ___SH () C:\Documents and Settings\Atelier\ntuser.ini
2014-06-16 12:58 - 2009-10-27 09:57 - 00032576 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-16 12:47 - 2014-03-09 22:47 - 00000414 _____ () C:\WINDOWS\Tasks\At1.job
2014-06-15 21:41 - 2014-03-09 22:41 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\FileTypeAssistant
2014-06-15 21:41 - 2014-03-09 22:39 - 00000454 _____ () C:\WINDOWS\Tasks\ProgramRefresh-ATFST.job
2014-06-15 21:41 - 2014-03-09 22:38 - 00000000 ____D () C:\Program Files\File Type Assistant
2014-06-14 23:37 - 2011-05-15 07:57 - 00000000 ___RD () C:\Documents and Settings\Atelier\Mes documents\Mes images
2014-06-14 22:20 - 2009-10-27 10:24 - 00697172 _____ () C:\WINDOWS\setupapi.log
2014-06-12 21:47 - 2014-06-12 21:47 - 00000000 ____D () C:\Documents and Settings\Atelier\Local Settings\Application Data\Adobe
2014-06-12 21:46 - 2013-12-23 10:26 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-06-12 21:46 - 2013-12-23 10:26 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-06-09 14:37 - 2014-03-09 22:39 - 00000000 ____D () C:\Documents and Settings\Atelier\Local Settings\Application Data\FileTypeAssistant
2014-06-09 14:31 - 2014-06-09 14:31 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-09 14:31 - 2014-06-09 14:31 - 00000000 ____D () C:\Documents and Settings\All Users\Menu Démarrer\Programmes\McAfee Security Scan Plus
2014-06-09 14:31 - 2013-12-23 10:28 - 00001773 _____ () C:\Documents and Settings\All Users\Bureau\McAfee Security Scan Plus.lnk
2014-06-09 14:31 - 2013-12-23 10:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee Security Scan
2014-06-09 14:31 - 2009-10-27 10:24 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage
2014-06-09 14:31 - 2009-10-27 10:24 - 00000000 ___RD () C:\Documents and Settings\All Users\Menu Démarrer\Programmes
2014-06-09 14:31 - 2009-10-27 10:24 - 00000000 ____D () C:\Documents and Settings\All Users\Bureau
2014-06-01 10:00 - 2013-12-02 19:10 - 00000000 ____D () C:\Documents and Settings\Atelier\Mes documents\Annuaire téléphonique
2014-06-01 09:56 - 2013-12-01 12:42 - 00000000 ____D () C:\Documents and Settings\Atelier\Bureau\photo
2014-05-19 16:52 - 2014-04-30 15:33 - 00000000 ____D () C:\Documents and Settings\Atelier\Bureau\ALICIA

Files to move or delete:
====================
C:\Documents and Settings\Atelier\cnmss Canon iP4600 series (Local).dll
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\Atelier\Local Settings\Temp\ImationLock.exe
C:\Documents and Settings\Atelier\Local Settings\Temp\MSETUP4.EXE
C:\Documents and Settings\Atelier\Local Settings\Temp\_isAB.exe
C:\Documents and Settings\Atelier\Local Settings\Temp\_isAC.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================
