Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-09-2013 01
Ran by Corail (administrator) on PC-DE-CORAIL on 01-10-2013 21:03:19
Running from C:\Users\Corail\Desktop
Microsoft® Windows Vista™ Édition Familiale Premium Service Pack 2 (X86) OS Language: French Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Agere Systems) C:\Windows\system32\agrsmsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
() C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM) C:\Windows\system32\PrintCtrl.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproSvc.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
(TOSHIBA Corporation) C:\Windows\system32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Toshiba) C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Toshiba Europe GmbH) C:\Program Files\Toshiba TEMPRO\TemproTray.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(ActMask Co.,Ltd - http://www.all2pdf.com) C:\Windows\System32\PrintDisp.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(TOSHIBA CORPORATION) C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(TOSHIBA Corporation.) C:\Program Files\TOSHIBA\HDMICtrlMan\HCMSoundChanger.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(IGraal) C:\Program Files\iGraal\iGraalHelper.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Users\Corail\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HDMICtrlMan] - C:\Program Files\TOSHIBA\HDMICtrlMan\HDMICtrlMan.exe [716800 2008-04-26] (TOSHIBA Corporation.)
HKLM\...\Run: [ITSecMng] - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1045800 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [TOSDCR] - C:\Program Files\TOSHIBA\PasswordUtility\TOSDCR.exe [169296 2007-08-28] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [431456 2008-01-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] - C:\Program Files\TOSHIBA\TBS\HSON.exe [54608 2007-10-31] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [509816 2008-01-25] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [716800 2008-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [Camera Assistant Software] - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [417792 2008-04-29] (Chicony)
HKLM\...\Run: [TRCMan] - C:\Program Files\TOSHIBA\TRCMan\TRCMan.exe [692224 2008-04-10] (TOSHIBA Corporation)
HKLM\...\Run: [NDSTray.exe] - NDSTray.exe
HKLM\...\Run: [cfFncEnabler.exe] - cfFncEnabler.exe
HKLM\...\Run: [topi] - C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe [581632 2007-07-10] (TOSHIBA)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7719456 2009-08-24] (Realtek Semiconductor)
HKLM\...\Run: [Toshiba Registration] - C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe [574864 2008-01-11] (Toshiba)
HKLM\...\Run: [Toshiba TEMPRO] - C:\Program Files\Toshiba TEMPRO\TemproTray.exe [1045904 2009-04-21] (Toshiba Europe GmbH)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [Microsoft Default Manager] - C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1983816 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [PrintDisp] - C:\Windows\system32\PrintDisp.exe [975360 2010-07-23] (ActMask Co.,Ltd - http://www.all2pdf.com)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-01-25] (Apple Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [Malwarebytes Anti-Malware (reboot)] - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [887432 2013-04-04] (Malwarebytes Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [TOSCDSPD] - TOSCDSPD.EXE
HKCU\...\Run: [EA Core] - "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\Corail\AppData\Local\Google\Update\GoogleUpdate.exe [133104 2009-08-28] (Google Inc.)
HKCU\...\Run: [TomTomHOME.exe] - "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [TOSCDSPD] - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe [ 2008-04-24] (TOSHIBA)
Startup: C:\Users\Corail\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 - Capture d'écran et lancement.lnk
ShortcutTarget: OneNote 2007 - Capture d'écran et lancement.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSEE&bmod=TSEE;
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: iGraal BHO - {240373D3-4199-4F41-BB4D-15D5B830C82D} - C:\Program Files\iGraal\iGraalBHO.dll (iGraal)
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - iGraal Toolbar - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} - C:\Program Files\iGraal\iGraalToolbar.dll (iGraal)
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Toolbar: HKCU -Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/fr/Core/Player/2020PlayerAX_IKEA_Win32.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} http://kitchenplanner.ikea.com/fr/Core/Player/2020PlayerAX_Win32.cab
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} http://picasaweb.google.com/s/v/59.15/uploader2.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.photoweb.fr/telechargement/telechargement-photoweb-5.5.6.0.cab
DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} http://www.zebulon.fr/scan8/oscan8.cab
DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} http://www.girafoto.fr/uploaders/aurigma_6_5_1_0/ImageUploader6.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://game.zylom.com/activex/zylomgamesplayer.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldfr-fr.cab
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 212.27.40.241 212.27.40.240

Chrome:
=======
CHR HomePage: hxxp://www.google.fr/
CHR RestoreOnStartup: "hxxp://www.google.fr/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Corail\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Corail\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Corail\AppData\Local\Google\Chrome\Application\29.0.1547.76\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (WildTangent Games App Presence Detector) - C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\Corail\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (ShiVa3D Plugin 1.8.1) - C:\Users\Corail\AppData\Roaming\..\LocalLow\StoneTrip\WebPlayer1.8.1\npShiVa3D_1.8.1.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Corail\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Corail\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Send to Kindle (by Klip.me)) - C:\Users\Corail\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\3.2.5_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Corail\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Corail\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR StartMenuInternet: Google Chrome - C:\Users\Corail\AppData\Local\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 ConfigFree Service; C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe [40960 2008-07-10] (TOSHIBA CORPORATION)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)
R2 Printer Control; C:\Windows\system32\PrintCtrl.exe [65536 2009-10-28] (ActMask Co.,Ltd - HTTP://WWW.ALL2PDF.COM)
R3 SmartFaceVWatchSrv; C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe [73728 2008-04-24] (Toshiba)
R2 TemproMonitoringService; C:\Program Files\Toshiba TEMPRO\TemproSvc.exe [116104 2009-04-21] (Toshiba Europe GmbH)
R2 TOSHIBA SMART Log Service; C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe [126976 2007-12-03] (TOSHIBA Corporation)
S2 TOSHIBA Bluetooth Service; c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [x]

==================== Drivers (Whitelisted) ====================

R0 CLFS; C:\Windows\System32\CLFS.sys [245736 2009-04-11] (Microsoft Corporation)
S3 hidshim; C:\Windows\System32\DRIVERS\hidshim.sys [5632 2007-07-11] (Windows (R) Codename Longhorn DDK provider)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-08-03] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
R3 UVCFTR; C:\Windows\System32\Drivers\UVCFTR_S.SYS [18432 2007-12-17] (Chicony Electronics Co., Ltd.)
S3 wbondir; C:\Windows\System32\DRIVERS\wbondir.sys [64000 2007-06-24] (Winbond Electronics Corporation)
S3 winbondhidcir; C:\Windows\System32\DRIVERS\winbondhidcir.sys [21504 2007-07-11] (Winbond Electronics Corporation)
S1 dqgpmdiz; \??\C:\Windows\system32\drivers\dqgpmdiz.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 Tosrfcom; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-01 21:03 - 2013-10-01 21:03 - 00000000 ____D C:\FRST
2013-10-01 21:01 - 2013-10-01 21:02 - 01086873 _____ (Farbar) C:\Users\Corail\Desktop\FRST.exe
2013-09-12 19:58 - 2013-07-31 12:30 - 12335104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-09-12 19:58 - 2013-07-31 12:05 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-09-12 19:58 - 2013-07-31 12:00 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-09-12 19:58 - 2013-07-31 11:53 - 01104896 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-09-12 19:58 - 2013-07-31 11:52 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-09-12 19:58 - 2013-07-31 11:52 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-09-12 19:58 - 2013-07-31 11:51 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-09-12 19:58 - 2013-07-31 11:49 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-09-12 19:58 - 2013-07-31 11:48 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-09-12 19:58 - 2013-07-31 11:48 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-09-12 19:58 - 2013-07-31 11:48 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-09-12 19:58 - 2013-07-31 11:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-09-12 19:58 - 2013-07-31 11:46 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-09-12 19:58 - 2013-07-31 11:45 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-09-12 19:58 - 2013-07-31 11:45 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-09-12 19:58 - 2013-07-31 11:42 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-09-11 09:08 - 2013-08-08 03:45 - 02049536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-09-11 09:08 - 2013-07-16 06:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll

==================== One Month Modified Files and Folders =======

2013-10-01 21:03 - 2013-10-01 21:03 - 00000000 ____D C:\FRST
2013-10-01 21:02 - 2013-10-01 21:01 - 01086873 _____ (Farbar) C:\Users\Corail\Desktop\FRST.exe
2013-10-01 21:00 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-01 21:00 - 2006-11-02 14:47 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-01 20:57 - 2013-04-13 09:39 - 00001002 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-01 20:57 - 2012-06-13 21:03 - 00001056 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-01 20:57 - 2012-06-13 21:03 - 00001052 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-01 20:57 - 2009-08-28 10:23 - 00001082 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1517606227-2943767172-301774227-1000UA.job
2013-10-01 20:57 - 2009-08-28 10:23 - 00001030 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1517606227-2943767172-301774227-1000Core.job
2013-10-01 20:57 - 2009-06-10 16:58 - 00031966 _____ C:\ProgramData\nvModes.001
2013-10-01 16:42 - 2009-06-10 16:58 - 00031966 _____ C:\ProgramData\nvModes.dat
2013-10-01 15:57 - 2009-06-10 22:58 - 01282610 _____ C:\Windows\WindowsUpdate.log
2013-10-01 13:06 - 2010-07-28 15:42 - 00002647 _____ C:\Users\Corail\Desktop\Microsoft Office Word 2007.lnk
2013-10-01 12:09 - 2006-11-02 15:01 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-01 00:16 - 2010-09-16 15:36 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-10-01 00:16 - 2008-10-16 10:15 - 00000012 _____ C:\Windows\bthservsdp.dat
2013-10-01 00:16 - 2006-11-02 15:01 - 00032564 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-30 23:44 - 2008-01-21 10:41 - 01501312 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-20 21:09 - 2012-12-16 18:21 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-09-20 21:09 - 2011-09-16 18:35 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-09-19 21:18 - 2013-02-18 15:01 - 00000000 ____D C:\Users\Corail\Documents\Dialyse
2013-09-13 19:33 - 2008-10-16 13:49 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-09-12 20:07 - 2006-11-02 14:47 - 00435408 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-12 19:55 - 2013-08-02 12:27 - 00000000 ____D C:\Windows\system32\MRT
2013-09-12 19:51 - 2006-11-02 12:24 - 76725432 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-09-04 21:04 - 2010-04-29 14:36 - 00000680 _____ C:\Users\Corail\AppData\Local\d3d9caps.dat

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-1517606227-2943767172-301774227-1000\$e741795269d82c57ce4bce9e8f803aac

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$e741795269d82c57ce4bce9e8f803aac

Some content of TEMP:
====================
C:\Users\Corail\AppData\Local\Temp\0.7974093075006842.exe
C:\Users\Corail\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\Corail\AppData\Local\Temp\ApnStub.exe
C:\Users\Corail\AppData\Local\Temp\AutoRun.exe
C:\Users\Corail\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Corail\AppData\Local\Temp\cacaonew013e6e.exe
C:\Users\Corail\AppData\Local\Temp\cacaonew067eed.exe
C:\Users\Corail\AppData\Local\Temp\cacaonew06ad1e.exe
C:\Users\Corail\AppData\Local\Temp\cacaonew0d5870.exe
C:\Users\Corail\AppData\Local\Temp\cacaonew1945a4.exe
C:\Users\Corail\AppData\Local\Temp\cacaonew222ade.exe
C:\Users\Corail\AppData\Local\Temp\cacaonew2e85e1.exe
C:\Users\Corail\AppData\Local\Temp\cacaonew321fff.exe
C:\Users\Corail\AppData\Local\Temp\cacaonew4d69d2.exe
C:\Users\Corail\AppData\Local\Temp\cacaonew50e94a.exe
C:\Users\Corail\AppData\Local\Temp\cacaonew6a2530.exe
C:\Users\Corail\AppData\Local\Temp\cacaonew6dc78a.exe
C:\Users\Corail\AppData\Local\Temp\cacaonew6eea80.exe
C:\Users\Corail\AppData\Local\Temp\cacaonew737a38.exe
C:\Users\Corail\AppData\Local\Temp\cacaonew785b33.exe
C:\Users\Corail\AppData\Local\Temp\cacaonew79cf9e.exe
C:\Users\Corail\AppData\Local\Temp\cacaonew7a1cf9.exe
C:\Users\Corail\AppData\Local\Temp\cacaonew8ab390.exe
C:\Users\Corail\AppData\Local\Temp\cacaonew8b4fd1.exe
C:\Users\Corail\AppData\Local\Temp\cacaonew9d7548.exe
C:\Users\Corail\AppData\Local\Temp\cacaonewb0ae30.exe
C:\Users\Corail\AppData\Local\Temp\cacaonewb3bfc0.exe
C:\Users\Corail\AppData\Local\Temp\cacaonewb5586a.exe
C:\Users\Corail\AppData\Local\Temp\cacaonewb574cd.exe
C:\Users\Corail\AppData\Local\Temp\cacaonewbb288a.exe
C:\Users\Corail\AppData\Local\Temp\cacaonewc83c37.exe
C:\Users\Corail\AppData\Local\Temp\cacaonewcd65fb.exe
C:\Users\Corail\AppData\Local\Temp\cacaonewcf43fe.exe
C:\Users\Corail\AppData\Local\Temp\cacaonewd0e427.exe
C:\Users\Corail\AppData\Local\Temp\cacaonewd8a270.exe
C:\Users\Corail\AppData\Local\Temp\cacaonewe46bfb.exe
C:\Users\Corail\AppData\Local\Temp\cacaonewee572b.exe
C:\Users\Corail\AppData\Local\Temp\cacaonewf65023.exe
C:\Users\Corail\AppData\Local\Temp\converter.exe
C:\Users\Corail\AppData\Local\Temp\DWPUpgradeInstaller.exe
C:\Users\Corail\AppData\Local\Temp\EAD620C.exe
C:\Users\Corail\AppData\Local\Temp\EAD85A3.exe
C:\Users\Corail\AppData\Local\Temp\EAD9867.exe
C:\Users\Corail\AppData\Local\Temp\EAD9AF7.exe
C:\Users\Corail\AppData\Local\Temp\EADA524.exe
C:\Users\Corail\AppData\Local\Temp\EADA543.exe
C:\Users\Corail\AppData\Local\Temp\EADBB81.exe
C:\Users\Corail\AppData\Local\Temp\EADCBC6.exe
C:\Users\Corail\AppData\Local\Temp\eauninstall.exe
C:\Users\Corail\AppData\Local\Temp\extension1615593350018696413.dll
C:\Users\Corail\AppData\Local\Temp\extension5151678755775565442.dll
C:\Users\Corail\AppData\Local\Temp\fsprod.dll
C:\Users\Corail\AppData\Local\Temp\fssfm.dll
C:\Users\Corail\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Corail\AppData\Local\Temp\install_flash_player.exe
C:\Users\Corail\AppData\Local\Temp\jre-1.6.0_20-windows-i586-iftw.exe_90744722.exe
C:\Users\Corail\AppData\Local\Temp\jre-6u20-windows-i586-jinstall_uac.exe
C:\Users\Corail\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Corail\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe
C:\Users\Corail\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Corail\AppData\Local\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Users\Corail\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Corail\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Corail\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Corail\AppData\Local\Temp\NL-1387409554.dll
C:\Users\Corail\AppData\Local\Temp\ose00000.exe
C:\Users\Corail\AppData\Local\Temp\preconfig.exe
C:\Users\Corail\AppData\Local\Temp\SimCity 4 Deluxe_uninst.exe
C:\Users\Corail\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Corail\AppData\Local\Temp\WLM2011Installer.exe
C:\Users\Corail\AppData\Local\Temp\WLM_2011.exe
C:\Users\Corail\AppData\Local\Temp\{9C7496A6-B331-498e-B0E8-1FB0947ED823}-ConsumerInputUpdate.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 12:15

==================== End Of Log ============================