Rapport de ZHPDiag v2013.3.21.66 par Nicolas Coolman, Update du 21/03/2013
Run by MAEG at 21/03/2013 5:40:47
State : High Elevated Privileges : OK
UAC : Activate by user

---\\ Web Browser
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 19.0.2 v19.0.2 (Defaut)
GCIE: Google Chrome v25.0.1364.172

---\\ Windows Product Information
~ Langage: Anglais
Windows 7 Business Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ System Information
~ Processor: Intel64 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2013 MB (36% free)
System Restore: Activé (Enable)
System drive C: has 157 GB (71%) free of 221 GB

---\\ Logged in mode
~ Computer Name: MAEG-PC
~ User Name: MAEG
~ All Users Names: MAEG, Leo, kevo, Guest, Administrator,
~ Unselected Option: None
Logged in as Administrator

---\\ Environnement Variables
~ System Unit : C:\
~ %AppData% : C:\Users\MAEG\AppData\Roaming\
~ %Desktop% : C:\Users\MAEG\Desktop\
~ %Favorites% : C:\Users\MAEG\Favorites\
~ %LocalAppData% : C:\Users\MAEG\AppData\Local\
~ %StartMenu% : C:\Users\MAEG\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ DOS/Devices
C:\ Hard drive, Flash drive, Thumb drive (Free 157 Go of 221 Go)
D:\ Hard drive, Flash drive, Thumb drive (Free 222 Go of 222 Go)
E:\ CD-ROM drive (Free 0 Go of 0 Go)

---\\ Security Center & Tools Informations
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiSpywareOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] AntiVirusOverride: OK
[HKLM\SOFTWARE\Microsoft\Security Center\Svc] FirewallOverride: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\NOHIDDEN] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL] CheckedValue: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] Application: OK
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] Shell: OK
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: Legitimates Scanned in 00mn 00s

---\\ Search Generic System Files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.13/07/2011 - 21:58:42.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 17:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.435E9C764E1EF70058580996452BE6A2] - (.Microsoft Corporation - Internet Extensions for Win32.) (.08/01/2013 - 17:12:03.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.20/11/2010 - 19:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 19:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/12/2011 - 19:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 17:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 15:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 19:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 19:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 19:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 15:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 16:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.13/07/2011 - 22:02:20.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 19:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.E453ACF4E7D44E5530B5D5F2B9CA8563] - (.Microsoft Corporation - NT File System Driver.) (.31/08/2012 - 10:19:35.) -- C:\Windows\system32\Drivers\ntfs.sys [1659760]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 16:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 19:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 19:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 16:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 19:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 19:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Legitimates Scanned in 00mn 00s

---\\ Hidden files state (Hidden/Total)
~ Mes images (My Pictures) : 1/7
~ Mes Favoris (My Favorites) : 1/17
~ Mes Documents (My Documents) : 2/9
~ Mon Bureau (My Desktop) : 3/1897
~ Menu demarrer (Programs) : 1/26
~ Hidden Files: Legitimates Scanned in 00mn 03s

---\\ Running Processes
[MD5.7853D2AB445C10F97610B2B05FA4CF0A] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [512360] [PID.2572]
[MD5.57D98BEA6B7357C5FD3B9B50BE79F219] - (.Gemalto N.V. - RunSanDiskSecureAccess_Win.) -- C:\Users\MAEG\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27311232] [PID.3364]
[MD5.D4AEA69F7C57D81A9B30BF7AB08446B1] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [385248] [PID.3256]
[MD5.BF2F2717C13A4BD4FD73F2788534E86B] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [917400] [PID.2644]
[MD5.BAD6BEA0DE1F69C82BDB74378CE0C20A] - (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288] [PID.1000]
[MD5.339DFA98DDDA7DDF735CE21C82E6F1DD] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe [824232] [PID.2128]
[MD5.AA6844A5127ED4B20DF6D313467B929D] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [17304] [PID.2500]
[MD5.680AD8F376970696B45269F074A8A28E] - (.Adobe Systems, Inc. - Adobe Flash Player 11.6 r602.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe [1822424] [PID.1232]
[MD5.8C5BE6660C928F8CA80017A05CAD0406] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [5864448] [PID.2616]
[MD5.8871B8E6FBB7BE8F47367E47AADEC5CE] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86752] [PID.1336]
[MD5.27B3633CED9BD4B588873DAD2F856069] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110816] [PID.1480]
[MD5.F48FEB7DA35821DA15E0B006DCB9A169] - (.Microsoft Corporation. - BingBar Service.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [193616] [PID.1540]
[MD5.C9B2D1D3F86FD3673EF847DEF73B6F9E] - (.Acer Incorporated - Global Registration Service.) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [36456] [PID.1744]
[MD5.B705C7097F9A0EC941D02DCE7C7D426C] - (.Acer Incorporated - Updater Service.) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe [244624] [PID.1832]
[MD5.1ACAA67676E9E7BDA5E0C41B6E0DECAF] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [398184] [PID.1876]
[MD5.916B8954AC3E06DC9E898AFFB41F3FB6] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [682344] [PID.1896]
[MD5.7CF1B716372B89568AE4C0FE769F5869] - (.Microsoft Corporation - Machine Debug Manager.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872] [PID.1916]
[MD5.1873214666F6F0A883742DF91FBC48C9] - (.NTI Corporation - Backup Manager Module.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832] [PID.2036]
[MD5.A1688A4FB2EC49D040C027EF6DC7A87B] - (.pdfforge GbR - PDF Architect Helper Service.) -- C:\Program Files (x86)\PDF Architect\HelperService.exe [1324104] [PID.1268]
[MD5.E23FF9B2F8EEAB2BDDA681C21C48E843] - (.pdfforge GbR - PDF Architect Conversion Service.) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe [795208] [PID.1376]
[MD5.27EE3E5A72B3FE0AB0FE94D08D73B94B] - (.Avira Operations GmbH & Co. KG - Avira MailGuard Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [400608] [PID.2148]
[MD5.39C7274C2E8D299F108C17107A0481D7] - (.Avira Operations GmbH & Co. KG - Avira WebGuard Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe [565472] [PID.2256]
[MD5.BECDDA0990DEBD72A30096533521AD73] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe [213384] [PID.3220]
[MD5.9D1CCE440552500DED3A62F9D779CDB4] - (.Nero AG - NeroUpdate.) -- C:\Program Files (x86)\Nero\Update\NASvc.exe [503080] [PID.2276]
~ Processes Running: Legitimates Scanned in 00mn 01s

---\\ Google Chrome, Start,Search,Extensions (G0,G1,G2)
C:\Users\MAEG\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [User Data\Default] None
~ Google Browser: Legitimates Scanned in 00mn 00s

---\\ Mozilla Firefox,Plugins,Start,Search,Extensions (P2,M0,M1,M2,M3)
C:\Users\MAEG\AppData\Roaming\Mozilla\Firefox\Profiles\g4o1yvnw.default\prefs.js
M3 - MFPP: Plugins - [MAEG] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\amazon-france.xml
M3 - MFPP: Plugins - [MAEG] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\bing.xml
M3 - MFPP: Plugins - [MAEG] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\cnrtl-tlfi-fr.xml
M3 - MFPP: Plugins - [MAEG] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\eBay-france.xml
M3 - MFPP: Plugins - [MAEG] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\google.xml
M3 - MFPP: Plugins - [MAEG] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-fr.xml
M3 - MFPP: Plugins - [MAEG] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-france.xml
M2 - MFEP: prefs.js [MAEG - g4o1yvnw.default\firefox@ghostery.com] [] Ghostery v2.9.3 (.Evidon, Inc..)
M2 - MFEP: prefs.js [MAEG - g4o1yvnw.default\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}] [WOT] WOT v20130129 (.WOT Services Oy.)
P2 - FPN: [HKLM] [@adobe.com/FlashPlayer] - (...) -- C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll
~ Firefox Browser: Legitimates Scanned in 00mn 00s

---\\ Internet Explorer Extensions, Start, Search (R4,R3,R0,R1)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.fr
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://acer.msn.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Extensions Off Page = about:noadd-ons
R1 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Security Risk Page = about:securityrisk
R3 - URLSearchHook: Microsoft Url Search Hook [64Bits] - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.Microsoft Corporation - Internet Browser.) (9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)) -- C:\Windows\SysWOW64\ieframe.dll
R4 - HKLM\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
R4 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\PhishingFilter,EnabledV8 = 1
~ IE Browser: Legitimates Scanned in 00mn 00s

---\\ Internet Explorer, Proxy Management (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Legitimates Scanned in 00mn 00s

---\\ Line Analysis F0, F1, F2, F3 - IniFiles, Auto loading programs
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Legitimates Scanned in 00mn 00s

---\\ Hosts file redirection (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Legitimates Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects (O2)
O2 - BHO: AcroIEHelperStub [64Bits] - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} . (.Adobe Systems Incorporated - Adobe PDF Helper for Internet Explorer.) -- C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PDF Architect Helper [64Bits] - {3A2D5EBA-F86D-4BD3-A177-019765996711} . (.pdfforge GbR - PDF Architect Helper.) -- C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: EgisPBIE [64Bits] - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} . (.Egis Technology Inc. - Password bank for IE.) -- C:\Program Files\Acer ProShield\x86\EgisPBIE.dll
O2 - BHO: Windows Live ID Sign-in Helper [64Bits] - {9030D464-4C02-4ABF-8ECC-5164760863C6} . (.Microsoft Corp. - Microsoft® Windows Live ID Login Helper.) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper [64Bits] - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} . (.Microsoft Corporation. - Bing Client Extensions.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
~ BHO: Legitimates Scanned in 00mn 00s

---\\ Auto loading programs from Registry and folders (O4)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [AutoLockProcess] . (.Unknown owner - eLock Management.) -- C:\Program Files\Acer\Empowering Technology\eLock\autolockprocess\autolockprocess.exe
O4 - HKLM\..\Run: [Acer SmartBoot] . (.Acer Incorporated - Acer SmartBoot Tray.) -- C:\Program Files\Acer\Acer SmartBoot\ASLTray.exe
O4 - HKLM\..\Run: [Acer PowerSaver] . (.Acer Incorporated - Acer PowerSaver Tray.) -- C:\Program Files\Acer\Acer PowerSaver\PowerSaverTray.exe
O4 - HKCU\..\Run: [SanDiskSecureAccess_Manager.exe] . (.Gemalto N.V. - RunSanDiskSecureAccess_Win.) -- C:\Users\MAEG\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-21-3295741896-1575129033-3895859619-1000\..\Run: [SanDiskSecureAccess_Manager.exe] . (.Gemalto N.V. - RunSanDiskSecureAccess_Win.) -- C:\Users\MAEG\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
~ Application: Legitimates Scanned in 00mn 00s

---\\ Other User Links (O4)
O4 - GS\TaskBar: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\TaskBar: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\TaskBar: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Player.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
O4 - GS\Programs: Internet Explorer (64-bit).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Private Character Editor.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\Desktop: KPG-118D.lnk . (.KENWOOD Corporation - KPG-118D.) -- C:\Program Files (x86)\Kenwood FPU\KPG118D\kpg118d.exe
O4 - GS\Desktop: KPG-124D.lnk . (.KENWOOD Corporation - KPG-124D.) -- C:\Program Files (x86)\Kenwood FPU\KPG124D\kpg124d.exe
O4 - GS\Desktop: PDF Architect.lnk . (.pdfforge GbR - PDF Architect Application.) -- C:\Program Files (x86)\PDF Architect\PDF Architect.exe
O4 - GS\Desktop: Presentation.lnk . (...) -- F:\Presentation.exe (.not file.)
O4 - GS\TaskBar: Microsoft Office Word 2007.lnk . (...) -- C:\Windows\Installer\{90120000-0011-0000-0000-0000000FF1CE}\wordicon.exe
O4 - GS\TaskBar: Welcome Center.lnk . (.Acer Incorporated - Welcome Center.) -- C:\Program Files (x86)\Acer\Welcome Center\OEMWelcomeCenter.exe
~ Global Startup: Legitimates Scanned in 00mn 04s

---\\ IE Options icon not visible in Control Panel (O5)
~ IE Control Panel: 1 Legitimates Scanned in 00mn 00s

---\\ Winsock hijacker (Layered Service Provider) (O10)
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - E-mail Naming Shim Provider.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000003\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000004\Winsock LSP File . (.Microsoft Corporation - PNRP Name Space Provider.) -- C:\Windows\system32\pnrpnsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Microsoft Windows Sockets 2.0 Service Provider.) -- C:\Windows\system32\mswsock.dll
~ Winsock: 8 Legitimates Scanned in 00mn 00s

---\\ Internet Explorer Plugins (O12)
~ IE Extra Buttons: 0 Legitimates Scanned in 00mn 00s

---\\ Lop.com/Domain Hijackers (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{22A74AA2-A1AA-4DDB-A311-72631F77F8DB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{22A74AA2-A1AA-4DDB-A311-72631F77F8DB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{22A74AA2-A1AA-4DDB-A311-72631F77F8DB}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Legitimates Scanned in 00mn 00s

---\\ Extra protocols (O18)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Legitimates Scanned in 00mn 00s

---\\ AppInit_DLLs Registry value Autorun (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Legitimates Scanned in 00mn 00s

---\\ ShellServiceObjectDelayLoad (O21)
~ SSODL: 1 Legitimates Scanned in 00mn 00s

---\\ non Microsoft non disabled Windows XP/NT/2000 Services (O23)
O23 - Service: Avira Mail Protection (AntiVirMailService) . (.Avira Operations GmbH & Co. KG - Avira MailGuard Service.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Acer SmartBoot Service (ASLSvc) . (.Acer Incorporated - Acer SmartBoot Service.) - C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe
O23 - Service: eLock Service (eLockService) . (.Unknown owner - eLock Management.) - C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: Empowering Technology Service (ETService) . (.Unknown owner - Acer Empowering Technology Framework Servic.) - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
O23 - Service: NTI IScheduleSvc (NTI IScheduleSvc) . (.NTI Corporation - Backup Manager Module.) - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) . (.Skype Technologies - Skype Updater Service.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
~ Services: 18 Legitimates Scanned in 00mn 07s

---\\ Windows Active Desktop & MHTML Editor (O24)
~ Desktop Component: 1 Legitimates Scanned in 00mn 00s

---\\
~ Keys: 1 Legitimates Scanned in 00mn 00s

---\\ Task Planned Automatically(039)
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\Adobe Flash Player Updater.job [830]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [1060]
O39 - APT:Automatic Planified Task - C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [1064]
[MD5.BAD6BEA0DE1F69C82BDB74378CE0C20A] [APT] [Adobe ARM] (.Adobe Systems Incorporated.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288]
[MD5.EA856F4A46320389D1899B2CAA7BF40F] [APT] [Adobe Flash Player Updater] (.Adobe Systems Incorporated.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [253656]
[MD5.E97140424C378ACBD47DF493A6AB7235] [APT] [Adobe Reader Speed Launcher] (.Adobe Systems Incorporated.) -- C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736]
[MD5.F9E87505DC0B27A9E3D9A99442303DC3] [APT] [CCleanerSkipUAC] (.Piriform Ltd.) -- C:\Program Files\CCleaner\CCleaner.exe [3288856]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineCore] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] [APT] [GoogleUpdateTaskMachineUA] (.Google Inc..) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648]
[MD5.00000000000000000000000000000000] [APT] [{C52FB44F-5F95-46F6-97C8-ABA42FCD3E97}] (...) -- I:\KPG-124D\Disk1\Setup.exe (.not file.) [0]
~ Scheduled Task: Legitimates Scanned in 00mn 04s

---\\ ActiveSetup Installed Components (O40)
O40 - ASIC: Microsoft Windows Media Player [64Bits] - >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} . (.Microsoft Corporation - Windows Media Player Resources.) -- C:\Windows\System32\wmploc.dll
O40 - ASIC: Internet Explorer [64Bits] - >{26923b43-4d38-484f-9b9e-de460746276c} . (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe
O40 - ASIC: Browser Customizations [64Bits] - >{60B49E34-C7CC-11D0-8953-00A0C90347FF} . (.Microsoft Corporation - IEAK branding.) -- C:\Windows\System32\iedkcs32.dll
O40 - ASIC: Themes Setup [64Bits] - {2C7339CF-2B09-4501-B3F3-F3508C9228ED} . (.Microsoft Corporation - Windows Theme API.) -- C:\Windows\System32\themeui.dll
O40 - ASIC: Browsing Enhancements [64Bits] - {630b1da0-b465-11d1-9948-00c04f98bbc9} . (.Microsoft Corporation - Microsoft Internet Explorer FTP Folder Shell Extension.) -- C:\Windows\System32\msieftp.dll
O40 - ASIC: Microsoft Windows Media Player [64Bits] - {6BF52A52-394A-11d3-B153-00C04F79FAA6} . (.Microsoft Corporation - Windows Media Player Resources.) -- C:\Windows\System32\wmploc.dll
O40 - ASIC: Windows Desktop Update [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4340} . (.Microsoft Corporation - Windows Shell Common Dll.) -- C:\Windows\System32\shell32.dll
O40 - ASIC: Web Platform Customizations [64Bits] - {89820200-ECBD-11cf-8B85-00AA005B4383} . (.Microsoft Corporation - IE Per-User Initialization Utility.) -- C:\Windows\System32\ie4uinit.exe
~ Active Setup: 11 Legitimates Scanned in 00mn 00s

---\\ Drivers launched at startup (O41)
O41 - Driver: C:\Windows\System32\drivers\pacer.sys (Psched) . (.Microsoft Corporation - QoS Packet Scheduler.) - C:\Windows\System32\DRIVERS\pacer.sys
O41 - Driver: (Serial) . (.Microsoft Corporation - Serial Device Driver.) - C:\Windows\system32\drivers\serial.sys
O41 - Driver: C:\Windows\System32\drivers\vpcvmm.sys (vpcvmm) . (.Microsoft Corporation - Virtual PC Virtual Machine Monitor.) - C:\Windows\System32\drivers\vpcvmm.sys
~ Drivers: 84 Legitimates Scanned in 00mn 10s

---\\ Software installed (O42)
O42 - Logiciel: 64 Bit HP CIO Components Installer - (.Hewlett-Packard.) [HKLM][64Bits] -- {5737101A-27C4-408A-8A57-D1DC78DF84B4}
O42 - Logiciel: Acer Backup Manager - (.NTI Corporation.) [HKLM][64Bits] -- InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}
O42 - Logiciel: Acer Framework - (.Acer Incorporated.) [HKLM][64Bits] -- {8F1B6239-FEA0-450A-A950-B05276CE177C}
O42 - Logiciel: Acer PowerSaver - (.Acer Incorporated.) [HKLM][64Bits] -- {A1FFD720-0806-40E9-9554-DB22D593FDEF}
O42 - Logiciel: Acer QuickMigration - (.Acer Incorporated.) [HKLM][64Bits] -- {D38FA7FF-84E7-42F7-ACAC-E85DF086F008}
O42 - Logiciel: Acer Registration - (.Acer Incorporated.) [HKLM][64Bits] -- Acer Registration
O42 - Logiciel: Acer ScreenSaver - (.Acer Incorporated.) [HKLM][64Bits] -- Acer Screensaver
O42 - Logiciel: Acer SmartBoot - (.Acer Incorporated.) [HKLM][64Bits] -- {9E65215B-9DE9-401A-8541-C82FE2D2BC66}
O42 - Logiciel: Acer Updater - (.Acer Incorporated.) [HKLM][64Bits] -- {EE171732-BEB4-4576-887D-CB62727F01CA}
O42 - Logiciel: Acer eLock Management - (.Acer Incorporated.) [HKLM][64Bits] -- {5CC23DEB-D22A-4345-9CFF-F8C602BCE792}
O42 - Logiciel: Acer eRecovery Management - (.Acer Incorporated.) [HKLM][64Bits] -- {7F811A54-5A09-4579-90E1-C93498E230D9}
O42 - Logiciel: Acer eSettings Management - (.Acer Incorporated.) [HKLM][64Bits] -- {13D85C14-2B85-419F-AC41-C7F21E68B25D}
O42 - Logiciel: Backup Manager V3 - (.NTI Corporation.) [HKLM][64Bits] -- {0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}
O42 - Logiciel: Bing Bar - (.Microsoft Corporation.) [HKLM][64Bits] -- {1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}
O42 - Logiciel: CorelDRAW Graphics Suite X3 - (.Corel Corporation.) [HKLM][64Bits] -- {7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}
O42 - Logiciel: EN - (.Corel Corporation.) [HKLM][64Bits] -- {32A72502-BC2C-4C39-ACEA-BC3D463F0697}
O42 - Logiciel: FontNav - (.Corel Corporation.) [HKLM][64Bits] -- {4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}
O42 - Logiciel: KPG-118D - (...) [HKLM][64Bits] -- {4FA0FDE8-5C21-4B7D-8786-DC005FA3B8CA}
O42 - Logiciel: KPG-124D - (...) [HKLM][64Bits] -- {7FCEF7AB-23E9-438A-983D-29ABEDEC93D9}
O42 - Logiciel: PDF Architect - (.pdfforge.) [HKLM][64Bits] -- {80A07844-CA64-4DE4-AB61-D37DDBE8074F}
O42 - Logiciel: PDFCreator - (.pdfforge.) [HKLM][64Bits] -- {0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}
O42 - Logiciel: ProShield - (.Egis Technology Inc..) [HKLM][64Bits] -- InstallShield_{08CCD7B4-9EED-4926-805D-C4FFF869989A}
O42 - Logiciel: ProShield - (.Egis Technology Inc..) [HKLM][64Bits] -- {08CCD7B4-9EED-4926-805D-C4FFF869989A}
O42 - Logiciel: SanDiskSecureAccess_Manager.exe - (.Gemalto N.V..) [HKCU][64Bits] -- @@__UNKNOWN__@@SanDiskSecureAccess_Manager.exe
O42 - Logiciel: Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) - (.Silicon Laboratories.) [HKLM][64Bits] -- SLABCOMM&10C4&EA60
O42 - Logiciel: Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7 - (.Silicon Laboratories, Inc..) [HKLM][64Bits] -- {DFFCE8A5-AB0E-4382-9B83-0A9183A97FFF}
O42 - Logiciel: Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7_ - (.Silicon Laboratories, Inc..) [HKLM][64Bits] -- {16746E4F-DB4D-4D8B-991E-AD5150358240}
O42 - Logiciel: Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7_ - (.Silicon Laboratories, Inc..) [HKLM][64Bits] -- {566C1AE1-60CE-4A7F-8B1C-CD45EBD6D3C5}
O42 - Logiciel: Silicon Laboratories CP210x VCP Drivers for Windows XP/2003 Server/Vista/7_ - (.Silicon Laboratories, Inc..) [HKLM][64Bits] -- {A2619717-C0B7-4717-A3D1-C6B97D9D42DA}
O42 - Logiciel: Update Manager - (.Corel Corporation.) [HKLM][64Bits] -- {F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}
O42 - Logiciel: VBA - (.Corel Corporation.) [HKLM][64Bits] -- {C94E45B0-6AA6-4FB9-9AAE-22085F631880}
O42 - Logiciel: Veriton ControlCenter - (.Acer Incorporated.) [HKLM][64Bits] -- {A78190D6-A513-4C5D-BC20-CFE14F1CD5E3}
O42 - Logiciel: Welcome Center - (.Acer Incorporated.) [HKLM][64Bits] -- Acer Welcome Center

---\\ HKCU & HKLM Software Keys
[HKCU\Software\KENWOOD]
[HKCU\Software\Protexis]
[HKLM\Software\Wave Systems Corp.]
[HKLM\Software\Wow6432Node\Altiris]
[HKLM\Software\Wow6432Node\Bitstream]
[HKLM\Software\Wow6432Node\KENWOOD Corporation]
[HKLM\Software\Wow6432Node\Prolific Technology INC]
[HKLM\Software\Wow6432Node\Silicon Laboratories, Inc.]
~ Softwares: 43 Legitimates Scanned in 00mn 00s

---\\ Contents of the Common Files folders (O43)
O43 - CFD: 03/11/2012 - 11:55:56 - [8,788] ----D C:\Program Files (x86)\Kenwood FPU
O43 - CFD: 27/10/2012 - 11:55:48 - [341,473] ----D C:\Program Files (x86)\NTI
O43 - CFD: 31/10/2012 - 13:04:29 - [3,305] ----D C:\Program Files (x86)\Silabs
O43 - CFD: 22/02/2013 - 6:07:59 - [0,187] ----D C:\Program Files (x86)\Common Files\DESIGNER
O43 - CFD: 21/02/2013 - 11:28:23 - [6,931] ----D C:\ProgramData\Virtualized Applications
O43 - CFD: 02/01/2013 - 9:49:49 - [0] ----D C:\ProgramData\VirtualizedApplications
O43 - CFD: 27/10/2012 - 12:12:39 - [0,001] ----D C:\ProgramData\Wave Systems Corp
O43 - CFD: 26/11/2012 - 18:05:36 - [37,569] ----D C:\Users\MAEG\AppData\Roaming\SanDisk
O43 - CFD: 14/12/2012 - 16:43:53 - [0] ----D C:\Users\MAEG\AppData\Roaming\TP
O43 - CFD: 27/10/2012 - 11:50:23 - [0] ----D C:\Users\MAEG\AppData\Local\History
O43 - CFD: 26/11/2012 - 18:05:36 - [0,002] ----D C:\Users\MAEG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk SecureAccess Manager
~ 4 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 121 Legitimates Scanned in 00mn 19s

---\\ Last modified or created files under Windows and System32 (O44)
O44 - LFC:[MD5.933222B19FF3E7EA5F65517EA1F7D57E] - 02/06/2012 - 6:35:15 RSHAD . (...) -- C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [3]
O44 - LFC:[MD5.933222B19FF3E7EA5F65517EA1F7D57E] - 02/06/2012 - 6:57:51 RSHAD . (...) -- C:\Windows\System32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [3]
O44 - LFC:[MD5.92EB844D90615CB266F84C3202B8786E] - 12/03/2013 - 6:44:48 RSHAD . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Windows\System32\Drivers\mbam.sys [24176]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 21/03/2013 - 3:44:58 ---A- . (...) -- C:\Windows\setuperr.log [0]
O44 - LFC:[MD5.48FE4B60AD5E74F055ED98C968E8BE66] - 21/03/2013 - 4:26:08 ---A- . (...) -- C:\AdwCleaner[R1].txt [1092]
O44 - LFC:[MD5.F2CC76669EEB3E0AA275467F72F285C2] - 21/03/2013 - 4:27:06 ---A- . (...) -- C:\AdwCleaner[S1].txt [1155]
O44 - LFC:[MD5.0F9918AE7C40FA23F859FBF6F9C2F6A0] - 21/03/2013 - 4:28:12 ---A- . (...) -- C:\Windows\PFRO.log [446]
O44 - LFC:[MD5.7858645DDD7E81279E61FEDE119A2FC7] - 21/03/2013 - 4:28:15 -S-A- . (...) -- C:\Windows\bootstat.dat [67584]
O44 - LFC:[MD5.AC849B99E032F4017BB1CE37934DD4AF] - 21/03/2013 - 4:28:16 ---A- . (...) -- C:\Windows\setupact.log [112]
O44 - LFC:[MD5.B458A1AFA2408A53E1F5BC340E68DD38] - 21/03/2013 - 4:31:38 ---A- . (...) -- C:\Windows\WindowsUpdate.log [10524]
O44 - LFC:[MD5.4016413E71D22B10A92C82DDCCCAAFD9] - 21/03/2013 - 4:32:46 ---A- . (...) -- C:\Windows\SysNative\PerfStringBackup.INI [726316]
O44 - LFC:[MD5.04FF04E53DBA4FBFF964F291739147DE] - 21/03/2013 - 4:32:46 ---A- . (...) -- C:\Windows\SysNative\perfc009.dat [106898]
O44 - LFC:[MD5.9660B74A7A5349A10CFE318BCB3CDE7B] - 21/03/2013 - 4:32:46 ---A- . (...) -- C:\Windows\SysNative\perfh009.dat [625532]
O44 - LFC:[MD5.4016413E71D22B10A92C82DDCCCAAFD9] - 21/03/2013 - 4:32:46 ---A- . (...) -- C:\Windows\System32\PerfStringBackup.INI [726316]
O44 - LFC:[MD5.04FF04E53DBA4FBFF964F291739147DE] - 21/03/2013 - 4:32:46 RSHAD . (...) -- C:\Windows\System32\perfc009.dat [106898]
O44 - LFC:[MD5.9660B74A7A5349A10CFE318BCB3CDE7B] - 21/03/2013 - 4:32:46 RSHAD . (...) -- C:\Windows\System32\perfh009.dat [625532]
O44 - LFC:[MD5.BFE9598EBC3934CF8D876A303849C896] - 22/02/2013 - 4:45:22 RSHAD . (.Avira Operations GmbH & Co. KG - Avira Minifilter Driver.) -- C:\Windows\System32\Drivers\avgntflt.sys [99912]
O44 - LFC:[MD5.F74D86A9FB35FA5F24627B8DBBF3A9A4] - 22/02/2013 - 4:45:24 RSHAD . (.Avira Operations GmbH & Co. KG - Avira Driver for Security Enhancement.) -- C:\Windows\System32\Drivers\avipbb.sys [129216]
O44 - LFC:[MD5.CD0E732347BF09717E0BDDC0C66699AB] - 22/02/2013 - 4:45:25 RSHAD . (.Avira Operations GmbH & Co. KG - Avira Manager Driver.) -- C:\Windows\System32\Drivers\avkmgr.sys [27800]
O44 - LFC:[MD5.C667A0A4D08227ED19D7720FAF7E2D54] - 22/02/2013 - 5:05:28 ---A- . (...) -- C:\Windows\win.ini [510]
O44 - LFC:[MD5.84DE02987CF2C57C422469CD056ED37F] - 22/02/2013 - 5:58:34 ---A- . (.pdfforge GbR - pdfcmon.) -- C:\Windows\SysNative\pdfcmon.dll [103936]
O44 - LFC:[MD5.84DE02987CF2C57C422469CD056ED37F] - 22/02/2013 - 5:58:34 RSHAD . (.pdfforge GbR - pdfcmon.) -- C:\Windows\System32\pdfcmon.dll [103936]
O44 - LFC:[MD5.4824377785E68D711AF52B4AC7BFF6AE] - 25/02/2013 - 4:40:35 ---A- . (...) -- C:\Windows\FontData.fdb [61438]
O44 - LFC:[MD5.A101B8EE05BC8421EED0EBA452DB3A77] - 22/02/2013 - 12:50:16 ---A- . (.Hewlett-Packard Corporation - No comment.) -- C:\Windows\SysNative\hpcpn120.dll [286720]
O44 - LFC:[MD5.A101B8EE05BC8421EED0EBA452DB3A77] - 22/02/2013 - 12:50:16 RSHAD . (.Hewlett-Packard Corporation - No comment.) -- C:\Windows\System32\hpcpn120.dll [286720]
O44 - LFC:[MD5.ADD09307610FED6030075DDC23462BC5] - 22/02/2013 - 11:35:33 ---A- . (...) -- C:\Windows\SysNative\FNTCACHE.DAT [438680]
O44 - LFC:[MD5.ADD09307610FED6030075DDC23462BC5] - 22/02/2013 - 11:35:33 RSHAD . (...) -- C:\Windows\System32\FNTCACHE.DAT [438680]
O44 - LFC:[MD5.2ED72B3F76C9368ABC01464DA64DB7AE] - 20/02/2013 - 13:37:58 ---A- .
(.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\SysNative\atmlib.dll [46080] O44 - LFC:[MD5.2ED72B3F76C9368ABC01464DA64DB7AE] - 20/02/2013 - 13:37:58 ---A- . (.Adobe Systems - Windows NT OpenType/Type 1 API Library..) -- C:\Windows\System32\atmlib.dll [46080] O44 - LFC:[MD5.CB2ABB2DA1E9C977302A78D86D4AE3B0] - 20/02/2013 - 13:37:58 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\SysNative\atmfd.dll [367616] O44 - LFC:[MD5.CB2ABB2DA1E9C977302A78D86D4AE3B0] - 20/02/2013 - 13:37:58 ---A- . (.Adobe Systems Incorporated - Windows NT OpenType/Type 1 Font Driver.) -- C:\Windows\System32\atmfd.dll [367616] ~ Files: Legitimates Scanned in 00mn 44s ---\\ Last files created in Windows Prefetcher (O45) O45 - LFCP:[MD5.448CA6272ECE0E3DD9F2E198CAD0F06C] - 06/03/2013 - 6:59:59 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-51CCB287.pf O45 - LFCP:[MD5.025395C2730CEEE659510D51785607C1] - 06/03/2013 - 7:00:00 ---A- - C:\Windows\Prefetch\SDIAGNHOST.EXE-B3171AA1.pf O45 - LFCP:[MD5.573CA7C8C5907FEE87ACE6E6E142B573] - 06/03/2013 - 7:00:01 ---A- - C:\Windows\Prefetch\CSC.EXE-0E09149C.pf O45 - LFCP:[MD5.86ACCA9DCAB5880B8B2314AC2CA47F8B] - 06/03/2013 - 7:00:01 ---A- - C:\Windows\Prefetch\CVTRES.EXE-F4BA0E72.pf O45 - LFCP:[MD5.E9F6671DDE6A2C7B006253C894BE5B25] - 06/03/2013 - 7:00:08 ---A- - C:\Windows\Prefetch\W32TM.EXE-C4E0F88E.pf O45 - LFCP:[MD5.1288EE2872E05F6940AB22F87190A8C7] - 06/03/2013 - 7:00:18 ---A- - C:\Windows\Prefetch\PING.EXE-4A8A6853.pf O45 - LFCP:[MD5.3022CC9BFF330B8F19264A24D9D4E078] - 06/03/2013 - 7:00:18 ---A- - C:\Windows\Prefetch\VSSVC.EXE-6C8F0C66.pf O45 - LFCP:[MD5.AEB3DC0EF8D9EF6048B2CDDFDEE145A6] - 06/03/2013 - 7:00:19 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-6A249820.pf O45 - LFCP:[MD5.C87BF355633E3646BC435FA2934D80D1] - 06/03/2013 - 7:01:22 ---A- - C:\Windows\Prefetch\TRUSTEDINSTALLER.EXE-766EFF52.pf O45 - LFCP:[MD5.26693010A1F08F11FAB1DB53553CCB14] - 06/03/2013 - 7:06:21 ---A- - 
C:\Windows\Prefetch\WMPLAYER.EXE-EBBA463B.pf O45 - LFCP:[MD5.6F73FF6814F3656667DEB1919D70B020] - 06/03/2013 - 9:30:34 ---A- - C:\Windows\Prefetch\AgCx_S1_S-1-5-21-3295741896-1575129033-3895859619-1000.snp.db O45 - LFCP:[MD5.91AA78E9550C04D58A1FC694DB0D0C1E] - 06/03/2013 - 9:32:04 ---A- - C:\Windows\Prefetch\AgCx_SC3_E4BCB2686962118C.db O45 - LFCP:[MD5.582056F0CDB67120E16A5682D0EC5FCF] - 07/03/2013 - 8:29:05 ---A- - C:\Windows\Prefetch\CONVERSIONSERVICE.EXE-A26D594E.pf O45 - LFCP:[MD5.C48BF378A99AC172D07BD27F0B4C44A7] - 07/03/2013 - 8:29:05 ---A- - C:\Windows\Prefetch\GREGSVC.EXE-70913FA5.pf O45 - LFCP:[MD5.5BB4A8DD1C434A660B9990771E184A24] - 07/03/2013 - 8:29:05 ---A- - C:\Windows\Prefetch\HELPERSERVICE.EXE-E7F77418.pf O45 - LFCP:[MD5.9C5704CE3BBC5D6524CAB25AA016C553] - 07/03/2013 - 8:29:05 ---A- - C:\Windows\Prefetch\ISCHEDULESVC.EXE-709A6177.pf O45 - LFCP:[MD5.6030526F8613D95DBEF8BEC09B4A5720] - 07/03/2013 - 8:29:05 ---A- - C:\Windows\Prefetch\MDM.EXE-1CD639EC.pf O45 - LFCP:[MD5.AE99AB5A9BDB97A0716DDDFDB201F7CE] - 07/03/2013 - 8:29:05 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-CAC3A18F.pf O45 - LFCP:[MD5.EE71644305EC5A6A4091F3DF8FDB06C0] - 07/03/2013 - 8:29:05 ---A- - C:\Windows\Prefetch\UPDATERSERVICE.EXE-7B0C15AC.pf O45 - LFCP:[MD5.8DE86EB1744B4DF73641F4302D7AE3E2] - 07/03/2013 - 8:34:00 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-58F15927.pf O45 - LFCP:[MD5.63FF4A88CCDFE40846132EF593BD617A] - 11/03/2013 - 10:08:19 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-74E69EAB.pf O45 - LFCP:[MD5.9B83402B676FF11ECAF6185AA085CEF4] - 11/03/2013 - 10:11:15 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-50F9BE60.pf O45 - LFCP:[MD5.244BD4E17628C8D47321224D94AAA2C9] - 11/03/2013 - 10:12:18 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-AF47CD65.pf O45 - LFCP:[MD5.F394936BDFFCCAF127DDE4A1671DA838] - 11/03/2013 - 10:51:49 ---A- - C:\Windows\Prefetch\PDFCREATOR.EXE-9C8122B2.pf O45 - LFCP:[MD5.7446FE142BBBF66EAF8EA212B1A168C7] - 11/03/2013 - 10:52:11 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-6BE3EB6F.pf 
O45 - LFCP:[MD5.54E83FAB6B8F85E25DAE6055D887A3F1] - 11/03/2013 - 11:25:16 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3295741896-1575129033-3895859619-1002.db O45 - LFCP:[MD5.63805680ADC8FE9BA496B462010B2452] - 11/03/2013 - 11:25:16 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3295741896-1575129033-3895859619-1002.db O45 - LFCP:[MD5.491012DD58D88636237876F9330E4F20] - 11/03/2013 - 11:33:09 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-CA31FA74.pf O45 - LFCP:[MD5.A8DB99D61ABE569BCE7262BFFB472693] - 11/03/2013 - 11:41:14 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-28800979.pf O45 - LFCP:[MD5.6025243B7769CFBFD3F145F8BA92A3C3] - 11/03/2013 - 11:53:22 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-86CE187E.pf O45 - LFCP:[MD5.58634FF4C7D32B0892586627FD48A194] - 11/03/2013 - 12:17:01 ---A- - C:\Windows\Prefetch\CALC.EXE-43F37294.pf O45 - LFCP:[MD5.C6390E884759CA5FB3D610A5B61CBFE6] - 11/03/2013 - 12:46:48 ---A- - C:\Windows\Prefetch\WINWORD.EXE-F9C53B4F.pf O45 - LFCP:[MD5.29A3D8F16A7BCDD0484944FDDD5DF83C] - 11/03/2013 - 12:52:33 ---A- - C:\Windows\Prefetch\PDF ARCHITECT.EXE-DC22F868.pf O45 - LFCP:[MD5.62AECE6A116690353CC900A754D941A5] - 11/03/2013 - 7:56:47 ---A- - C:\Windows\Prefetch\BINGAPP.EXE-C298C7DD.pf O45 - LFCP:[MD5.5AFF3AF8957380BB4ADDF35A1CBD7FEC] - 11/03/2013 - 7:56:49 ---A- - C:\Windows\Prefetch\BINGSURROGATE.EXE-C49CE1F4.pf O45 - LFCP:[MD5.B0780F8DD6DD8D5411D27F79F72CC951] - 11/03/2013 - 7:58:59 ---A- - C:\Windows\Prefetch\SC.EXE-6C4D4413.pf O45 - LFCP:[MD5.17C7057216D153D4ABE4CDB617744FF3] - 11/03/2013 - 7:59:07 ---A- - C:\Windows\Prefetch\GUARDGUI.EXE-F5BE2664.pf O45 - LFCP:[MD5.39FA0CDE86F20E14B55B413D1D4C9C1E] - 11/03/2013 - 8:14:22 ---A- - C:\Windows\Prefetch\EULA.EXE-53677E39.pf O45 - LFCP:[MD5.CC2897A4949F840A5C420B4C955E9941] - 11/03/2013 - 8:30:28 ---A- - C:\Windows\Prefetch\DEVICEDISPLAYOBJECTPROVIDER.E-D37241ED.pf O45 - LFCP:[MD5.1050C97B0D557CEA9A8356870F542C8C] - 11/03/2013 - 8:32:54 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-D9DCD0F3.pf O45 - 
LFCP:[MD5.DC69EF590B1DD76DC28980A2BDD9EA56] - 11/03/2013 - 8:39:06 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-4A63D84D.pf O45 - LFCP:[MD5.5E91B792006B3950A6BE955FCA3609E8] - 11/03/2013 - 8:45:19 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-5512235E.pf O45 - LFCP:[MD5.22A242C82B362B1DBBEE215D620330DF] - 11/03/2013 - 8:46:31 ---A- - C:\Windows\Prefetch\EXCEL.EXE-DF9C9784.pf O45 - LFCP:[MD5.92DF92CA61E9E9B1C9CB19BABE5E530F] - 11/03/2013 - 8:54:29 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-59FC719C.pf O45 - LFCP:[MD5.3BDF5DB5370F65FFD731F1613E505407] - 11/03/2013 - 8:58:41 ---A- - C:\Windows\Prefetch\VERCLSID.EXE-FBC502B5.pf O45 - LFCP:[MD5.94B56DAB86E3BA4BC3CA875C993CDFAC] - 11/03/2013 - 9:11:47 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-B84A80A1.pf O45 - LFCP:[MD5.E089BACDD76892CAD5DC167AA248016D] - 11/03/2013 - 9:12:25 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-16988FA6.pf O45 - LFCP:[MD5.BBAC12205D6FF94614B170469E4C7246] - 12/03/2013 - 3:57:10 ---A- - C:\Windows\Prefetch\WINWORD.EXE-8D8AC989.pf O45 - LFCP:[MD5.7A7694430FA7DA79C66469A38B903AB2] - 12/03/2013 - 4:22:41 ---A- - C:\Windows\Prefetch\AgCx_SC4.db O45 - LFCP:[MD5.9475182C5E403579D4A56FABB713492A] - 12/03/2013 - 5:37:40 ---A- - C:\Windows\Prefetch\UPDATER.EXE-228D488F.pf O45 - LFCP:[MD5.1C2E11D0AFE184555D1DF21F2DF27A9D] - 12/03/2013 - 6:32:27 ---A- - C:\Windows\Prefetch\MAINTENANCESERVICE.EXE-9596E406.pf O45 - LFCP:[MD5.204B167968A1068CED4932F28DA502FE] - 12/03/2013 - 6:32:27 ---A- - C:\Windows\Prefetch\UPDATER.EXE-A661B82C.pf O45 - LFCP:[MD5.892BF5002D92288DC8CA7932759B5B17] - 12/03/2013 - 6:32:28 ---A- - C:\Windows\Prefetch\HELPER.EXE-8427620B.pf O45 - LFCP:[MD5.7FEB69545BA90BF84EE6A4EEBB6384E3] - 12/03/2013 - 6:32:29 ---A- - C:\Windows\Prefetch\MAINTENANCESERVICE_INSTALLER.-70B09122.pf O45 - LFCP:[MD5.6F5D5ECE9798811784CB49A8E34AC426] - 12/03/2013 - 6:32:29 ---A- - C:\Windows\Prefetch\MAINTENANCESERVICE_TMP.EXE-6A746806.pf O45 - LFCP:[MD5.7DE1EB3341F8A299128C55E191C2E414] - 12/03/2013 - 6:44:41 ---A- - 
C:\Windows\Prefetch\MBAM-SETUP-1.70.0.1100.TMP-1B0C31AC.pf O45 - LFCP:[MD5.D85DB8A4B15C43E8B724FADC952424D1] - 12/03/2013 - 6:44:45 ---A- - C:\Windows\Prefetch\MBAM-SETUP-1.70.0.1100.EXE-02034B97.pf O45 - LFCP:[MD5.86DCA57C0947BAF921809FFDCC56EB04] - 12/03/2013 - 6:44:45 ---A- - C:\Windows\Prefetch\MBAM-SETUP-1.70.0.1100.TMP-4B494B37.pf O45 - LFCP:[MD5.2A2BD18C76C8F4B625EAC0A62DA942DF] - 12/03/2013 - 6:44:49 ---A- - C:\Windows\Prefetch\REGSVR32.EXE-B31EC963.pf O45 - LFCP:[MD5.E52CED90D316712D5A25F6843DB541B7] - 12/03/2013 - 6:45:13 ---A- - C:\Windows\Prefetch\MBAMSCHEDULER.EXE-2A9BB9FF.pf O45 - LFCP:[MD5.73DF35428F4C64B106CD5059B160CB58] - 12/03/2013 - 6:45:14 ---A- - C:\Windows\Prefetch\MBAMSERVICE.EXE-08D249B9.pf O45 - LFCP:[MD5.857DB4E35A9BF29F493353F4395D1344] - 12/03/2013 - 7:49:26 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-85C09445.pf O45 - LFCP:[MD5.7C6914CFCA5247394A1FC94543E9BD7B] - 12/03/2013 - 7:53:25 ---A- - C:\Windows\Prefetch\SMSS.EXE-B5B810DB.pf O45 - LFCP:[MD5.918B0FA7D69D17C5EB1F63ECF64710D1] - 12/03/2013 - 7:53:26 ---A- - C:\Windows\Prefetch\AgCx_S1_S-1-5-21-3295741896-1575129033-3895859619-1002.snp.db O45 - LFCP:[MD5.A16D1D2FDF41057895532716EA4D12EE] - 12/03/2013 - 7:53:32 ---A- - C:\Windows\Prefetch\ATBROKER.EXE-5CD29207.pf O45 - LFCP:[MD5.7D639F1E7438CFFF8B60E8535DD55AF9] - 12/03/2013 - 7:53:35 ---A- - C:\Windows\Prefetch\CSRSS.EXE-F3C368CB.pf O45 - LFCP:[MD5.AC33499757DEFD3519715F4707C42F54] - 12/03/2013 - 7:53:38 ---A- - C:\Windows\Prefetch\WINLOGON.EXE-DEDDC9B6.pf O45 - LFCP:[MD5.4F7F830285F75C397C15676A522A18C6] - 18/03/2013 - 5:17:45 ---A- - C:\Windows\Prefetch\NTOSBOOT-B00DFAAD.pf O45 - LFCP:[MD5.D868CE596A89549D9008BC7CF88FA427] - 18/03/2013 - 5:18:34 ---A- - C:\Windows\Prefetch\FLASHUTIL32_11_6_602_171_ACTI-A4C945E4.pf O45 - LFCP:[MD5.BE137E792831DDF2E1E3A75A175BD73B] - 19/02/2013 - 8:17:01 ---A- - C:\Windows\Prefetch\AgCx_SC3_0F505D2AC7E9AE21.db O45 - LFCP:[MD5.6EC4AB03DFBD08A263E5DE1C63649044] - 20/03/2013 - 3:45:31 ---A- - 
C:\Windows\Prefetch\AVSCAN.EXE-3D14B848.pf O45 - LFCP:[MD5.0D9B67916980A4F094EB13EA843978B2] - 20/03/2013 - 3:45:34 ---A- - C:\Windows\Prefetch\AgCx_SC1.db.trx O45 - LFCP:[MD5.807E867BB94A407BFE467B1C5CCACBA2] - 20/03/2013 - 3:46:35 ---A- - C:\Windows\Prefetch\AgCx_SC1.db O45 - LFCP:[MD5.31F8A0158B7B67A9A282C163A1AB78AA] - 20/03/2013 - 3:51:00 ---A- - C:\Windows\Prefetch\FLASHPLAYERPLUGIN_11_6_602_17-D03DA982.pf O45 - LFCP:[MD5.F233204B3ACEBE0D33C9319543C99C40] - 20/03/2013 - 4:45:00 ---A- - C:\Windows\Prefetch\WRITETIME2009_07-09.EXE-8249EC6B.pf O45 - LFCP:[MD5.E6309E5BAE7AC7E4F707B3BF5B5CD275] - 20/03/2013 - 6:18:41 ---A- - C:\Windows\Prefetch\VISTAGETS3S4REG.EXE-C15F16B0.pf O45 - LFCP:[MD5.2FC7B1AF07904B4E0B14F695165D9EA0] - 20/03/2013 - 6:18:50 ---A- - C:\Windows\Prefetch\ACER.SCR-2E5AFFAA.pf O45 - LFCP:[MD5.CF651D96FBA1771F27260780ADFCF741] - 20/03/2013 - 6:37:20 ---A- - C:\Windows\Prefetch\Layout.ini O45 - LFCP:[MD5.E1780914185E7E390E2B7213E3DBDA39] - 20/03/2013 - 6:41:37 ---A- - C:\Windows\Prefetch\NOTIFICATIONTIP.EXE-28C3663A.pf O45 - LFCP:[MD5.18105AC7665B2BD19AE3B643D0063899] - 20/03/2013 - 6:45:20 ---A- - C:\Windows\Prefetch\AgGlUAD_P_S-1-5-21-3295741896-1575129033-3895859619-1000.db O45 - LFCP:[MD5.26C15C1C50F8785C7E471471425EFFF8] - 20/03/2013 - 6:45:20 ---A- - C:\Windows\Prefetch\AgGlUAD_S-1-5-21-3295741896-1575129033-3895859619-1000.db O45 - LFCP:[MD5.75C42C32302EFE953A5A62D1AEE83933] - 20/03/2013 - 8:44:51 ---A- - C:\Windows\Prefetch\MOBSYNC.EXE-B307E1CC.pf O45 - LFCP:[MD5.EBB15306AAE775E7E1EA2E65D389AC8F] - 20/03/2013 - 8:44:51 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-0D53616E.pf O45 - LFCP:[MD5.281E4390DE24F72C8A1466FB8801396C] - 20/03/2013 - 8:46:03 ---A- - C:\Windows\Prefetch\CORELDRW.EXE-B0EEC452.pf O45 - LFCP:[MD5.281E9CEB6117B9727E29BE64B6F3F845] - 20/03/2013 - 8:46:13 ---A- - C:\Windows\Prefetch\SPLWOW64.EXE-57576C25.pf O45 - LFCP:[MD5.BEFFCBAF234A519ABEBAD2D39FA7FA22] - 20/03/2013 - 8:49:31 ---A- - 
C:\Windows\Prefetch\RUNDLL32.EXE-E0C43588.pf O45 - LFCP:[MD5.9286EBE6A293D5E15066FF08F7C9AC70] - 20/03/2013 - 8:50:09 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-63B92852.pf O45 - LFCP:[MD5.66C9978B9A7F083305BEC9D64D1F047C] - 20/03/2013 - 8:53:31 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-3F12448D.pf O45 - LFCP:[MD5.73A8AC9BF938D17F80207CD432C4C1C4] - 20/03/2013 - 8:56:42 ---A- - C:\Windows\Prefetch\CHROME.EXE-5349D2D7.pf O45 - LFCP:[MD5.6FC9188DC0B043642D1742D129E0431C] - 20/03/2013 - 9:00:00 ---A- - C:\Windows\Prefetch\SDCLT.EXE-94EAE077.pf O45 - LFCP:[MD5.02C5D7C48CCA4CB7314B006FBAF68989] - 20/03/2013 - 9:04:25 ---A- - C:\Windows\Prefetch\WLXPHOTOGALLERY.EXE-23C23094.pf O45 - LFCP:[MD5.FE93045EE5823C326561D555AEAFD554] - 20/03/2013 - 9:04:38 ---A- - C:\Windows\Prefetch\PRINTISOLATIONHOST.EXE-3DD89C8E.pf O45 - LFCP:[MD5.69DE61E1BD5ABBF5AB6C9B972F939F18] - 20/03/2013 - 9:04:45 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-9D605392.pf O45 - LFCP:[MD5.A0A7A950D9D386E543118126CDD775C8] - 20/03/2013 - 9:05:17 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-FBAE6297.pf O45 - LFCP:[MD5.A4A9263A913AA18F60BC84C083A15D10] - 21/03/2013 - 3:45:53 ---A- - C:\Windows\Prefetch\SEARCHINDEXER.EXE-1CF42BC6.pf O45 - LFCP:[MD5.660577F4B3FC82575648C932E3AD8E2A] - 21/03/2013 - 3:49:13 ---A- - C:\Windows\Prefetch\IGFXSRVC.EXE-C5618119.pf O45 - LFCP:[MD5.4736ADD93709BACF46719EBEBAAF4A05] - 21/03/2013 - 3:50:33 ---A- - C:\Windows\Prefetch\UPDRGUI.EXE-95EF1B4C.pf O45 - LFCP:[MD5.6F48A926103445A19FFD090395B2EFBF] - 21/03/2013 - 3:54:16 ---A- - C:\Windows\Prefetch\WSQMCONS.EXE-4048402C.pf O45 - LFCP:[MD5.A1224EE3C0A8FC87D5F82B4DEB527B6D] - 21/03/2013 - 3:56:46 ---A- - C:\Windows\Prefetch\UPDATE.EXE-5CF8B53B.pf O45 - LFCP:[MD5.684B1BC1C7D83505843F2407C06C411B] - 21/03/2013 - 4:00:11 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-D49D3641.pf O45 - LFCP:[MD5.FA7A60AC617762B13C92C581A147264B] - 21/03/2013 - 4:02:02 ---A- - C:\Windows\Prefetch\FLASHPLAYERUPDATESERVICE.EXE-0129C0B2.pf O45 - 
LFCP:[MD5.53C83C82879159B591C2164468606166] - 21/03/2013 - 4:08:49 ---A- - C:\Windows\Prefetch\TASKHOST.EXE-A0F5E092.pf O45 - LFCP:[MD5.A8433CDBC45EBA2CECDC42FCD91D66D5] - 21/03/2013 - 4:20:56 ---A- - C:\Windows\Prefetch\AgRobust.db O45 - LFCP:[MD5.8839298DFB27074B8EC4B1AD7774EFE1] - 21/03/2013 - 4:20:57 ---A- - C:\Windows\Prefetch\AgGlGlobalHistory.db O45 - LFCP:[MD5.E34D6953425B5BB37F2D6D40EC5372A6] - 21/03/2013 - 4:21:00 ---A- - C:\Windows\Prefetch\AgGlFaultHistory.db O45 - LFCP:[MD5.41F49A9569B50B71B93B78E43568C4D2] - 21/03/2013 - 4:21:01 ---A- - C:\Windows\Prefetch\AgGlFgAppHistory.db O45 - LFCP:[MD5.A3F3E13812E37B31C472587A9BC1429A] - 21/03/2013 - 4:24:03 ---A- - C:\Windows\Prefetch\AUDIODG.EXE-AB22E9A6.pf O45 - LFCP:[MD5.E3873E1521A1A16CB8F06D00CCE39A1F] - 21/03/2013 - 4:25:57 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-B6001A63.pf O45 - LFCP:[MD5.012DD8A9B4E8FC29B06C07C4CEFD7F66] - 21/03/2013 - 4:26:16 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-D096D5BE.pf O45 - LFCP:[MD5.7436DD4652A62428B54358D194BA00F3] - 21/03/2013 - 4:27:30 ---A- - C:\Windows\Prefetch\LOGONUI.EXE-F639BD7E.pf O45 - LFCP:[MD5.FD3F37E31C50FA86840033C94E4605BA] - 21/03/2013 - 4:27:37 ---A- - C:\Windows\Prefetch\PfSvPerfStats.bin O45 - LFCP:[MD5.342C5C9B3FDEBFFC603120F83139999F] - 21/03/2013 - 4:29:07 ---A- - C:\Windows\Prefetch\AVGNT.EXE-39B0C714.pf O45 - LFCP:[MD5.C79B07EAC559C2EBE8DDF30CA44E0794] - 21/03/2013 - 4:29:07 ---A- - C:\Windows\Prefetch\GOOGLEUPDATE.EXE-0E1E7B82.pf O45 - LFCP:[MD5.068BB904D58CCFF42CB62FCB75285148] - 21/03/2013 - 4:29:07 ---A- - C:\Windows\Prefetch\MBAMGUI.EXE-DE4DD695.pf O45 - LFCP:[MD5.AD223B8E58B931AB0803D2B8AB54B90B] - 21/03/2013 - 4:29:07 ---A- - C:\Windows\Prefetch\NOTEPAD.EXE-C5670914.pf O45 - LFCP:[MD5.2D750802ADB73C6FF15205FF88EC6CFF] - 21/03/2013 - 4:29:07 ---A- - C:\Windows\Prefetch\RUNONCE.EXE-FB4EF753.pf O45 - LFCP:[MD5.4FAD3ED201C87F92FEDA095411422D49] - 21/03/2013 - 4:29:07 ---A- - C:\Windows\Prefetch\TASKENG.EXE-35FA9C06.pf O45 - 
LFCP:[MD5.24663196BE1C55E117B4394B245834B4] - 21/03/2013 - 4:29:09 ---A- - C:\Windows\Prefetch\WOW_HELPER.EXE-DFE8BAD2.pf O45 - LFCP:[MD5.9B16D5BC78538774E2048C12677854D5] - 21/03/2013 - 4:29:15 ---A- - C:\Windows\Prefetch\IEXPLORE.EXE-A033F7A0.pf O45 - LFCP:[MD5.115D66AE11C43266BE47B48044287672] - 21/03/2013 - 4:29:16 ---A- - C:\Windows\Prefetch\ACRORD32.EXE-56554EBE.pf O45 - LFCP:[MD5.8EE44D50AA36157CB7C1FFFDB88F5F09] - 21/03/2013 - 4:29:23 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-EDA5A3D2.pf O45 - LFCP:[MD5.363BAD4A267BC6C9AE76A41CD9F4952C] - 21/03/2013 - 4:29:35 ---A- - C:\Windows\Prefetch\FIREFOX.EXE-359C61A4.pf O45 - LFCP:[MD5.99976F41C4143F80E9EEB83C4CE67EF6] - 21/03/2013 - 4:30:06 ---A- - C:\Windows\Prefetch\IPMGUI.EXE-49390A43.pf O45 - LFCP:[MD5.7942F786B2425B30802A56D1A3531E25] - 21/03/2013 - 4:30:34 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-16B291C4.pf O45 - LFCP:[MD5.CF014D591114FD843EA9728E78DDDD8C] - 21/03/2013 - 4:30:34 ---A- - C:\Windows\Prefetch\MSCORSVW.EXE-8CE1A322.pf O45 - LFCP:[MD5.42428315AFB5FEC66D77E9DCC7C15EFE] - 21/03/2013 - 4:30:35 ---A- - C:\Windows\Prefetch\GOOGLECRASHHANDLER.EXE-9F946A4C.pf O45 - LFCP:[MD5.13EB6EC36CB517C9191C545A09BEA7CC] - 21/03/2013 - 4:30:47 ---A- - C:\Windows\Prefetch\NASVC.EXE-71531C34.pf O45 - LFCP:[MD5.B5470ABADF065F8E64406EC555B0219F] - 21/03/2013 - 4:31:03 ---A- - C:\Windows\Prefetch\ADOBEARM.EXE-F9223367.pf O45 - LFCP:[MD5.589BC0724DEABF300D7B5512D3573C59] - 21/03/2013 - 4:32:37 ---A- - C:\Windows\Prefetch\WMIADAP.EXE-BB21CD77.pf O45 - LFCP:[MD5.C3D8BC6E8E2808D221465763EE372E97] - 21/03/2013 - 4:32:38 ---A- - C:\Windows\Prefetch\WMIPRVSE.EXE-E8B8DD29.pf O45 - LFCP:[MD5.E8FAD2C6D044A5A0539420E300E4A15F] - 21/03/2013 - 4:33:03 ---A- - C:\Windows\Prefetch\READER_SL.EXE-736A84E3.pf O45 - LFCP:[MD5.E5CCDC7EF2256498C02C1F97F48F6399] - 21/03/2013 - 4:33:05 ---A- - C:\Windows\Prefetch\REGSVR32.EXE-03D3FB87.pf O45 - LFCP:[MD5.07B5D9A8EE4306FAAE9A0CE6556C9A22] - 21/03/2013 - 4:33:15 ---A- - 
C:\Windows\Prefetch\MBAM.EXE-493D9B94.pf O45 - LFCP:[MD5.282B3A18915DF08432CBE03710E10774] - 21/03/2013 - 4:35:47 ---A- - C:\Windows\Prefetch\PLUGIN-CONTAINER.EXE-6B605020.pf O45 - LFCP:[MD5.9B2F41F40AEE66AE5AEA1C8E5A76DFBB] - 21/03/2013 - 4:37:03 ---A- - C:\Windows\Prefetch\SEARCHPROTOCOLHOST.EXE-69C456C3.pf O45 - LFCP:[MD5.B47B705FDBAAD9C3AC58A4E17635E1BB] - 21/03/2013 - 4:37:04 ---A- - C:\Windows\Prefetch\SEARCHFILTERHOST.EXE-44162447.pf O45 - LFCP:[MD5.99298C47EE0A0941B8F33BAB4C6C4474] - 21/03/2013 - 4:37:34 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-4B6CB38A.pf O45 - LFCP:[MD5.B7C1E2E5B4B9F4D35372700CE10A9ED5] - 21/03/2013 - 4:39:22 ---A- - C:\Windows\Prefetch\CONSENT.EXE-40419367.pf O45 - LFCP:[MD5.7C591A259328529685AE16AC3FC54596] - 21/03/2013 - 4:39:27 ---A- - C:\Windows\Prefetch\DLLHOST.EXE-6389524F.pf O45 - LFCP:[MD5.C46981FCA75B8AE2BEB81B5C27400203] - 21/03/2013 - 4:39:45 ---A- - C:\Windows\Prefetch\SEAPORT.EXE-69B0E9F6.pf O45 - LFCP:[MD5.6E05D4D3673D121968D45F1368029763] - 21/03/2013 - 4:40:51 ---A- - C:\Windows\Prefetch\AVWSC.EXE-FC348DC0.pf O45 - LFCP:[MD5.C84FF48E6C28D4FAC5EA12533FAF12E5] - 21/03/2013 - 4:40:58 ---A- - C:\Windows\Prefetch\CONHOST.EXE-0C6456FB.pf O45 - LFCP:[MD5.7EBA59F924F7931AFFD0A5579A8CC00D] - 21/03/2013 - 4:41:00 ---A- - C:\Windows\Prefetch\SPPSVC.EXE-96070FE0.pf O45 - LFCP:[MD5.2C2C1DE6CD3711718AB6DFEAFBA13DAE] - 21/03/2013 - 4:41:29 ---A- - C:\Windows\Prefetch\SVCHOST.EXE-6E1A6101.pf O45 - LFCP:[MD5.12B845825C4B5C8ECCA87961BA0D4CD8] - 21/03/2013 - 4:41:45 ---A- - C:\Windows\Prefetch\WERMGR.EXE-F439C551.pf O45 - LFCP:[MD5.F435CEC88F2EC907960A2F773FE79189] - 21/03/2013 - 4:42:04 ---A- - C:\Windows\Prefetch\RUNDLL32.EXE-D2A040D5.pf O45 - LFCP:[MD5.5EA57BF304CF2AAE5FDA253628C11D3A] - 27/02/2013 - 8:04:26 ---A- - C:\Windows\Prefetch\AgCx_SC3_0002DD19727DBF5F.db O45 - LFCP:[MD5.736F2275D67C5A03E6EEE7230F8A8B2C] - 28/02/2013 - 7:28:05 ---A- - C:\Windows\Prefetch\AgCx_SC3_0F505FC2744800B0.db ~ Prefetcher: Legitimates Scanned in 00mn 02s 
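Two things in the O44 list above are worth knowing before reading it as a list of suspects. First, ZHPDiag is a 32-bit program: on 64-bit Windows the WOW64 layer redirects its view of C:\Windows\System32 to SysWOW64, and the scanner reaches the real System32 through the SysNative alias, which is why pdfcmon.dll, hpcpn120.dll, FNTCACHE.DAT, atmlib.dll and atmfd.dll each appear twice with the same MD5 and size. Second, "(...)" only means the file carries no version resource; for a data file (a .log, .dat or the 3-byte MsftWdf_*.Wdf framework markers) that is normal, while for a loadable .sys it is a reason to look closer. The script below is an added example written for this page, not ZHPDiag's own code: it parses O44 entries (the O58 driver-list entries further down use the same layout), folds the SysNative/System32 mirrors, and flags empty files, .sys images without version information, and .sys images stored outside System32\Drivers. The first six sample lines are copied from this report; the seventh is constructed, with a hypothetical file name and hash, to show what a hit looks like. The reason codes and function names are this example's own.

```python
"""Triage ZHPDiag O44 (files under Windows/System32) and O58 (driver list)
entries. Added example for this report; it is not ZHPDiag's own code."""
import re
from typing import Dict, List, Optional, Tuple

# One O44/O58 entry as laid out in this report:
#   O44 - LFC:[MD5.<32 hex>] - dd/mm/yyyy - h:mm:ss <5 attribute flags> . (.Publisher - Description.) -- <path> [<bytes>]
# A file with no version resource carries "(...)" where the publisher block would be.
ENTRY_RE = re.compile(
    r"^O(?P<code>\d{2}) - (?P<kind>LFC|SDL):\[MD5\.(?P<md5>[0-9A-F]{32})\]"
    r" - (?P<date>\d{2}/\d{2}/\d{4}) - (?P<time>\d{1,2}:\d{2}:\d{2})"
    r" (?P<attrs>[A-Z-]{5}) \. "
    r"(?:\(\.(?P<publisher>.+?) - (?P<desc>.+?)\.\)|\(\.\.\.\))"
    r" -- (?P<path>[A-Za-z]:\\.+?) \[(?P<size>\d+)\]$"
)
EMPTY_MD5 = "D41D8CD98F00B204E9800998ECF8427E"   # MD5 of zero bytes
DRIVERS_DIR = "\\system32\\drivers\\"             # where loadable kernel drivers live

REASONS = {
    "empty-file": "0-byte file; its hash is the empty-input MD5 and is not worth hunting",
    "driver-without-version-info": "kernel driver (.sys) with no publisher/description resource",
    "driver-outside-drivers-dir": "kernel driver image stored outside System32\\Drivers",
    "size-hash-mismatch": "reported as 0 bytes but hash is not the empty-input MD5",
}


def parse_entry(line: str) -> Optional[Dict[str, object]]:
    """Split one O44/O58 line into its fields; None if the line is not such an entry."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    entry: Dict[str, object] = m.groupdict()
    entry["size"] = int(m["size"])
    return entry


def canonical_path(path: str) -> str:
    """ZHPDiag runs as a 32-bit process. On x64 it reaches the real System32 through
    the SysNative alias, so the same file is listed under both names. Fold them."""
    return re.sub(r"\\sysnative\\", r"\\system32\\", path.lower())


def dedupe_mirrors(entries: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Keep one record per (MD5, canonical path); the first sighting wins."""
    seen: Dict[Tuple[str, str], Dict[str, object]] = {}
    for e in entries:
        seen.setdefault((str(e["md5"]), canonical_path(str(e["path"]))), e)
    return list(seen.values())


def triage(entries: List[Dict[str, object]]) -> List[Tuple[str, str]]:
    """Return (path, reason-code) pairs for entries worth a second look."""
    findings: List[Tuple[str, str]] = []
    for e in entries:
        path, low = str(e["path"]), canonical_path(str(e["path"]))
        is_driver = low.endswith(".sys")
        if e["size"] == 0 and e["md5"] != EMPTY_MD5:
            findings.append((path, "size-hash-mismatch"))
        if e["md5"] == EMPTY_MD5:
            findings.append((path, "empty-file"))
        if is_driver and e["publisher"] is None:
            findings.append((path, "driver-without-version-info"))
        if is_driver and DRIVERS_DIR not in low:
            findings.append((path, "driver-outside-drivers-dir"))
    return findings


# Lines 1-6 are copied from this report; line 7 is constructed to show a hit
# (its file name and hash are hypothetical, not taken from the report).
SAMPLE_LINES = [
    r"O44 - LFC:[MD5.933222B19FF3E7EA5F65517EA1F7D57E] - 02/06/2012 - 6:35:15 RSHAD . (...) -- C:\Windows\System32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [3]",
    r"O44 - LFC:[MD5.92EB844D90615CB266F84C3202B8786E] - 12/03/2013 - 6:44:48 RSHAD . (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Windows\System32\Drivers\mbam.sys [24176]",
    r"O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 21/03/2013 - 3:44:58 ---A- . (...) -- C:\Windows\setuperr.log [0]",
    r"O44 - LFC:[MD5.84DE02987CF2C57C422469CD056ED37F] - 22/02/2013 - 5:58:34 ---A- . (.pdfforge GbR - pdfcmon.) -- C:\Windows\SysNative\pdfcmon.dll [103936]",
    r"O44 - LFC:[MD5.84DE02987CF2C57C422469CD056ED37F] - 22/02/2013 - 5:58:34 RSHAD . (.pdfforge GbR - pdfcmon.) -- C:\Windows\System32\pdfcmon.dll [103936]",
    r"O58 - SDL:[MD5.A16FB34E56C781DC56BE7492315655B9] - 03/08/2005 - 15:05:02 ---A- . (.Prolific Technology Inc. - USB-Serial USB Driver.) -- C:\Windows\SysWOW64\SER9PL.sys [35892]",
    r"O44 - LFC:[MD5.0123456789ABCDEF0123456789ABCDEF] - 21/03/2013 - 4:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\hypothetical.sys [12345]",
]


def analyse(lines: List[str]) -> List[Tuple[str, str]]:
    """Parse, fold SysNative/System32 mirrors, then triage."""
    parsed = [e for e in (parse_entry(l) for l in lines) if e is not None]
    return triage(dedupe_mirrors(parsed))


if __name__ == "__main__":
    for path, code in analyse(SAMPLE_LINES):
        print(f"{code:28} {path}\n{'':28} {REASONS[code]}")
```

On this report the folding removes the SysNative duplicates, mbam.sys passes (publisher present, correct directory), and SER9PL.sys is reported only because it sits under SysWOW64: a 64-bit kernel cannot load a 32-bit driver image, so the 2005 Prolific file is most likely a leftover from a 32-bit driver package rather than a live driver. Treat every code as a pointer to check the file's Authenticode signature on the host, not as a verdict.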
---\\ Local Security Authority-LSA Deny (O48)
O48 - LSA:Local Security Authority Authentication Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
O48 - LSA:Local Security Authority Notification Packages . (.Microsoft Corporation - Windows Security Configuration Editor Client Engine.) -- C:\Windows\System32\scecli.dll
O48 - LSA:Local Security Authority Notification Packages . (...) -- C:\Windows\System32\EgisPwdFilter.dll
O48 - LSA:Local Security Authority Notification Packages . (...) -- C:\Windows\System32\EgisDSPwdFilter.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Kerberos Security Package.) -- C:\Windows\System32\kerberos.dll
O48 - LSA:Local Security Authority Security Packages . (.Microsoft Corporation - Microsoft Authentication Package v1.0.) -- C:\Windows\System32\msv1_0.dll
~ Keys: 11 Legitimates Scanned in 00mn 00s

---\\ Safe Boot Control (O49)
O49 - CSB:Control Safe Boot HKLM\...\CCS\Minimal\sermouse.sys . (.Microsoft Corporation - Serial Mouse Filter Driver.) -- C:\Windows\System32\Drivers\sermouse.sys
O49 - CSB:Control Safe Boot HKLM\...\CCS\Network\sermouse.sys . (.Microsoft Corporation - Serial Mouse Filter Driver.) -- C:\Windows\System32\Drivers\sermouse.sys
~ CSB: 13 Legitimates Scanned in 00mn 00s

---\\ MountPoints2 Shell Key (MPKS) (O51)
O51 - MPSK:{2ff9f1c1-37d6-11e1-b37b-806e6f6e6963}\AutoRun\command. (.Macrovision Corporation - DemoShield Multi-CD Launch.) -- E:\Autorun.exe
~ Keys: Legitimates Scanned in 00mn 02s

---\\ Trojan Driver Search Data (HKLM)(TDSD) (O52)
O52 - TDSD: \Drivers32\"msacm.l3acm"="C:\Windows\System32\l3codeca.acm" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
O52 - TDSD: \drivers.desc\"C:\Windows\System32\l3codeca.acm"="Fraunhofer IIS MPEG Layer-3 Codec" . (.Fraunhofer Institut Integrierte Schaltungen - MPEG Layer-3 Audio Codec for MSACM.) -- C:\Windows\System32\l3codeca.acm
~ Keys: Legitimates Scanned in 00mn 00s

---\\ ShareTools MSconfig StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\BackupManagerTray [Key] . (.NTI Corporation - Acer Backup Manager.) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O53 - SMSR:HKLM\...\startupreg\HotKeysCmds [Key] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O53 - SMSR:HKLM\...\startupreg\IgfxTray [Key] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O53 - SMSR:HKLM\...\startupreg\ISUSPM Startup [Key] . (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
O53 - SMSR:HKLM\...\startupreg\ISUSScheduler [Key] . (.Macrovision Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
O53 - SMSR:HKLM\...\startupreg\Persistence [Key] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O53 - SMSR:HKLM\...\startupreg\ProShieldTSR [Key] . (.Egis Technology Inc. - Security solution.) -- C:\Program Files\Acer ProShield\EgisTSR.exe
~ SMSR Keys: Legitimates Scanned in 00mn 00s

---\\ Microsoft Control Security Providers (MCSP) (O54)
O54 - MCSP:[HKLM\...\CurrentControlSet\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
O54 - MCSP:[HKLM\...\ControlSet001\Control] - (SecurityProviders) - (.Microsoft Corporation - Credential Delegation Security Package.) -- C:\Windows\System32\credssp.dll
~ Keys: Legitimates Scanned in 00mn 00s

---\\ Microsoft Windows Policies System (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=5
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=3
O55 - MWPS:[HKLM\...\Policies\System] - "EnableInstallerDetection"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableSecureUIAPaths"=1
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableVirtualization"=1
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=1
O55 - MWPS:[HKLM\...\Policies\System] - "ValidateAdminCodeSignatures"=0
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticetext"=0
O55 - MWPS:[HKLM\...\Policies\System] - "scforceoption"=0
O55 - MWPS:[HKLM\...\Policies\System] - "shutdownwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "undockwithoutlogon"=1
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ Keys: Legitimates Scanned in 00mn 00s

---\\ Microsoft Windows Policies Explorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktop"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "ForceActiveDesktopOn"=0
~ Keys: Legitimates Scanned in 00mn 00s

---\\ System Drivers List (SDL) (O58)
O58 - SDL:[MD5.2F6B34B83843F0C5118B63AC634F5BF4] - 13/07/2009 - 17:52:21 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [491088]
O58 - SDL:[MD5.A16FB34E56C781DC56BE7492315655B9] - 03/08/2005 - 15:05:02 ---A- . (.Prolific Technology Inc. - USB-Serial USB Driver.) -- C:\Windows\SysWOW64\SER9PL.sys [35892]
~ Drivers: Legitimates Scanned in 00mn 00s

---\\ Last modified or created user files (O61)
O61 - LFC: 20/03/2013 - 7:15:46 ---A- C:\Users\MAEG\AppData\Local\Google\Chrome\User Data\Certificate Revocation Lists [266478]
O61 - LFC: 20/03/2013 - 7:15:46 ---A- C:\Users\MAEG\AppData\Local\Temp\CRX_75DAF8CB7768\crl-set [266478]
O61 - LFC: 20/03/2013 - 7:15:46 ---A- C:\Users\MAEG\AppData\Local\Temp\CRX_75DAF8CB7768\manifest.json [34]
O61 - LFC: 20/03/2013 - 8:45:54 ---A- C:\Users\MAEG\AppData\Local\Temp\PCULog0.txt [1101]
O61 - LFC: 20/03/2013 - 8:45:54 ---A- C:\Users\MAEG\AppData\Roaming\Corel\Graphics13\User Color\icmprof.cat [2872]
O61 - LFC: 20/03/2013 - 8:51:29 ---A- C:\Users\MAEG\Downloads\20130313_150853.jpg [1582251]
O61 - LFC: 20/03/2013 - 8:55:13 ---A- C:\Users\MAEG\AppData\Roaming\Corel\Graphics13\User Workspace\CorelDRAW\_default\PREVIEWUIConfig.xml [13406]
O61 - LFC: 20/03/2013 - 8:56:08 ---A- C:\Users\MAEG\AppData\Roaming\Corel\Graphics13\User Config\CORELGFX.INI [296]
O61 - LFC: 20/03/2013 - 8:57:28 ---A- C:\Users\MAEG\AppData\Local\Google\Chrome\User Data\Service State [52]
O61 - LFC: 20/03/2013 - 8:58:53 ---A- C:\Users\MAEG\AppData\Local\Google\Chrome\User Data\Local State [103009]
O61 - LFC: 20/03/2013 - 8:58:53 ---A- C:\Users\MAEG\AppData\Local\Google\Chrome\User Data\chrome_shutdown_ms.txt [4]
O61 - LFC: 20/03/2013 - 9:09:13 ---A- C:\Users\MAEG\AppData\Roaming\Corel\Graphics13\User Custom Data\Object Data\ObjectData.xml [896]
O61 - LFC: 20/03/2013 - 9:09:14 ---A- C:\Users\MAEG\AppData\Roaming\Corel\Graphics13\User Draw\YahooSearchMRU.xml [42]
O61 - LFC: 21/03/2013 - 3:46:47 -SHA- C:\Users\MAEG\AppData\Local\Temp\Cookies\index.dat [16384]
O61 - LFC: 21/03/2013 - 3:46:47 -SHA- C:\Users\MAEG\AppData\Local\Temp\History\History.IE5\index.dat [16384]
O61 - LFC: 21/03/2013 - 4:23:51 ---A- C:\Users\MAEG\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-2013-03-21 (04-47-43).txt [2186]
O61 - LFC: 21/03/2013 - 4:25:50 ---A- C:\Users\MAEG\Downloads\adwcleaner.exe [609993]
O61 - LFC: 21/03/2013 - 4:27:16 --HA- C:\Users\MAEG\AppData\Local\IconCache.db [2426448]
O61 - LFC: 21/03/2013 - 4:33:08 ---A- C:\Users\MAEG\AppData\Local\Temp\~DF0B937A788F11A20D.TMP [327680]
O61 - LFC: 21/03/2013 - 4:37:09 ---A- C:\Users\MAEG\Downloads\ZHPDiag2.exe [5427270]
~ Files: 59 Legitimates Scanned in 00mn 07s

---\\ List all tools cleaner (LATC) (O63)
O63 - Software: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Legitimates Scanned in 00mn 00s

---\\ List all legacy services(LALS) (O64)
O64 - Services: CurCS - 27/12/2011 - C:\Windows\system32\drivers\afd.sys (AFD) .(.Microsoft Corporation - Ancillary Function Driver for WinSock.) - LEGACY_AFD
O64 - Services: CurCS - 22/02/2013 - C:\Windows\System32\DRIVERS\avgntflt.sys (avgntflt) .(.Avira Operations GmbH & Co. KG - Avira Minifilter Driver.) - LEGACY_AVGNTFLT
O64 - Services: CurCS - 22/02/2013 - C:\Windows\System32\DRIVERS\avipbb.sys (avipbb) .(.Avira Operations GmbH & Co. KG - Avira Driver for Security Enhancement.) - LEGACY_AVIPBB
O64 - Services: CurCS - 22/02/2013 - C:\Windows\System32\DRIVERS\avkmgr.sys (avkmgr) .(.Avira Operations GmbH & Co. KG - Avira Manager Driver.) - LEGACY_AVKMGR
O64 - Services: CurCS - 13/07/2009 - C:\Windows\system32\clfs.sys (CLFS) .(.Microsoft Corporation - Common Log File System Driver.) - LEGACY_CLFS
O64 - Services: CurCS - 01/06/2012 - C:\Windows\System32\Drivers\cng.sys (CNG) .(.Microsoft Corporation - Kernel Cryptography, Next Generation.) - LEGACY_CNG
O64 - Services: CurCS - 11/03/2008 - C:\Windows\System32\DRIVERS\eLock2FSCTLDriver.sys (eLock2FSCTLDriver) .(.Acer, Inc. - ELock File System Filter Driver.) - LEGACY_ELOCK2FSCTLDRIVER
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\fvevol.sys (fvevol) .(.Microsoft Corporation - BitLocker Drive Encryption Driver.) - LEGACY_FVEVOL
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\hwpolicy.sys (hwpolicy) .(.Microsoft Corporation - Hardware Policy Driver.) - LEGACY_HWPOLICY
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\DRIVERS\lltdio.sys (lltdio) .(.Microsoft Corporation - Link-Layer Topology Mapper I/O Driver.) - LEGACY_LLTDIO
O64 - Services: CurCS - 14/12/2012 - C:\Windows\system32\drivers\mbam.sys (MBAMProtector) .(.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - LEGACY_MBAMPROTECTOR
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\wkssvc.dll (mrxsmb20) .(.Microsoft Corporation - Workstation Service DLL.) - LEGACY_MRXSMB20
O64 - Services: CurCS - 27/10/2012 - C:\Windows\System32\DRIVERS\mwlPSDFilter.sys (mwlPSDFilter) .(.Egis Technology Inc. - PSD Mini Filter Driver.) - LEGACY_MWLPSDFILTER
O64 - Services: CurCS - 27/10/2012 - C:\Windows\System32\DRIVERS\mwlPSDNServ.sys (mwlPSDNServ) .(.Egis Technology Inc. - MyWinLocker PSD Named Pipe Driver.) - LEGACY_MWLPSDNSERV
O64 - Services: CurCS - 27/10/2012 - C:\Windows\System32\DRIVERS\mwlPSDVDisk.sys (mwlPSDVDisk) .(.Egis Technology Inc. - MyWinLocker PSD Virtual Disk Driver.) - LEGACY_MWLPSDVDISK
O64 - Services: CurCS - 22/08/2012 - C:\Windows\system32\drivers\ndis.sys (NDIS) .(.Microsoft Corporation - NDIS 6.20 driver.) - LEGACY_NDIS
O64 - Services: CurCS - 20/11/2010 - C:\Windows\system32\drivers\netbt.sys (NetBT) .(.Microsoft Corporation - MBT Transport driver.) - LEGACY_NETBT
O64 - Services: CurCS - 20/11/2010 - C:\Windows\System32\drivers\pacer.sys (Psched) .(.Microsoft Corporation - QoS Packet Scheduler.) - LEGACY_PSCHED
O64 - Services: CurCS - 13/07/2009 - C:\Windows\System32\DRIVERS\rspndr.sys (rspndr) .(.Microsoft Corporation - Link-Layer Topology Responder Driver for ND.) - LEGACY_RSPNDR
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv) .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
O64 - Services: CurCS - 13/07/2011 - C:\Windows\System32\DRIVERS\srvnet.sys (srvnet) .(.Microsoft Corporation - Server Network driver.) - LEGACY_SRVNET
O64 - Services: CurCS - 13/07/2009 - C:\Windows\system32\drivers\vga.sys (VgaSave) .(.Microsoft Corporation - VGA/Super VGA Video Driver.) - LEGACY_VGASAVE
O64 - Services: CurCS - 22/09/2009 - C:\Windows\System32\DRIVERS\vpcnfltr.sys (vpcnfltr) .(.Microsoft Corporation - Virtual PC Network Filter Driver.) - LEGACY_VPCNFLTR
O64 - Services: CurCS - 13/07/2009 - C:\Windows\system32\rascfg.dll (Wanarpv6) .(.Microsoft Corporation - RAS Configuration Objects.) - LEGACY_WANARPV6
~ Services: Legitimates Scanned in 00mn 00s

---\\ File Associations Shell Spawning (O67)
O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe
O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe
O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe
O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O67 - Shell Spawning: <.bat> [HKCR\..\open\Command] (...)
-- "%1" %* O67 - Shell Spawning: <.cpl> [HKCR\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe O67 - Shell Spawning: <.cmd> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.com> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.evt> [HKCR\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe O67 - Shell Spawning: <.exe> [HKCR\..\open\Command] (...) -- "%1" %* O67 - Shell Spawning: <.html> [HKCR\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O67 - Shell Spawning: <.js> [HKCR\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe O67 - Shell Spawning: <.reg> [HKCR\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe ~ Keys: Legitimates Scanned in 00mn 00s ---\\ Start Menu Internet (SMI) (O68) O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Keys: Legitimates Scanned in 00mn 00s ---\\ Search Browser Infection (SBI) (O69) O69 - SBI: prefs.js [MAEG - g4o1yvnw.default] user_pref("weboftrust.search.ask.display", "Ask.com Web Search"); ~ Keys: Legitimates Scanned in 00mn 00s ---\\ Search Svchost Services (SSS) (O83) O83 - Search Svchost Services: AeLookupSvc (AeLookupSvc) . (.Microsoft Corporation - Application Experience Service.) -- C:\Windows\System32\aelupsvc.dll [72192] O83 - Search Svchost Services: CertPropSvc (CertPropSvc) . 
(.Microsoft Corporation - Microsoft Smartcard Certificate Propagation Service.) -- C:\Windows\System32\certprop.dll [80384] O83 - Search Svchost Services: SCPolicySvc (SCPolicySvc) . (.Microsoft Corporation - Microsoft Smartcard Certificate Propagation Service.) -- C:\Windows\System32\certprop.dll [80384] O83 - Search Svchost Services: lanmanserver (lanmanserver) . (.Microsoft Corporation - Server Service DLL.) -- C:\Windows\System32\srvsvc.dll [236032] O83 - Search Svchost Services: gpsvc (gpsvc) . (.Microsoft Corporation - Group Policy Client.) -- C:\Windows\System32\gpsvc.dll [777728] O83 - Search Svchost Services: IKEEXT (IKEEXT) . (.Microsoft Corporation - IKE extension.) -- C:\Windows\System32\ikeext.dll [853504] O83 - Search Svchost Services: AudioSrv (AudioSrv) . (.Microsoft Corporation - Windows Audio Service.) -- C:\Windows\System32\Audiosrv.dll [679424] O83 - Search Svchost Services: Rasauto (Rasauto) . (.Microsoft Corporation - Remote Access AutoDial Manager.) -- C:\Windows\System32\rasauto.dll [99328] O83 - Search Svchost Services: Rasman (Rasman) . (.Microsoft Corporation - Remote Access Connection Manager.) -- C:\Windows\System32\rasmans.dll [344064] O83 - Search Svchost Services: Remoteaccess (Remoteaccess) . (.Microsoft Corporation - Dynamic Interface Manager.) -- C:\Windows\System32\mprdim.dll [97792] O83 - Search Svchost Services: SENS (SENS) . (.Microsoft Corporation - System Event Notification Service (SENS).) -- C:\Windows\System32\sens.dll [64512] O83 - Search Svchost Services: Sharedaccess (Sharedaccess) . (.Microsoft Corporation - Microsoft NAT Helper Components.) -- C:\Windows\System32\ipnathlp.dll [359424] O83 - Search Svchost Services: Tapisrv (Tapisrv) . (.Microsoft Corporation - Microsoft® Windows(TM) Telephony Server.) -- C:\Windows\System32\tapisrv.dll [316928] O83 - Search Svchost Services: TermService (TermService) . (.Microsoft Corporation - Remote Desktop Session Host Server Remote Connections Manager.) 
-- C:\Windows\System32\termsrv.dll [680960] O83 - Search Svchost Services: wuauserv (wuauserv) . (.Microsoft Corporation - Windows Update Agent.) -- C:\Windows\System32\wuaueng.dll [2428952] O83 - Search Svchost Services: BITS (BITS) . (.Microsoft Corporation - Background Intelligent Transfer Service.) -- C:\Windows\System32\qmgr.dll [849920] O83 - Search Svchost Services: ShellHWDetection (ShellHWDetection) . (.Microsoft Corporation - Windows Shell Services Dll.) -- C:\Windows\System32\shsvcs.dll [370688] O83 - Search Svchost Services: iphlpsvc (iphlpsvc) . (.Microsoft Corporation - Service that offers IPv6 connectivity over an IPv4 network..) -- C:\Windows\System32\iphlpsvc.dll [569344] O83 - Search Svchost Services: seclogon (seclogon) . (.Microsoft Corporation - Secondary Logon Service DLL.) -- C:\Windows\system32\seclogon.dll [30720] O83 - Search Svchost Services: AppInfo (AppInfo) . (.Microsoft Corporation - Application Information Service.) -- C:\Windows\System32\appinfo.dll [70656] O83 - Search Svchost Services: msiscsi (msiscsi) . (.Microsoft Corporation - iSCSI Discovery service.) -- C:\Windows\System32\iscsiexe.dll [156672] O83 - Search Svchost Services: MMCSS (MMCSS) . (.Microsoft Corporation - Multimedia Class Scheduler Service.) -- C:\Windows\System32\mmcss.dll [67584] O83 - Search Svchost Services: SessionEnv (SessionEnv) . (.Microsoft Corporation - Remote Desktop Configuration service.) -- C:\Windows\System32\sessenv.dll [121856] O83 - Search Svchost Services: browser (browser) . (.Microsoft Corporation - Computer Browser Service DLL.) -- C:\Windows\System32\browser.dll [136704] O83 - Search Svchost Services: EapHost (EapHost) . (.Microsoft Corporation - Microsoft EAPHost service.) -- C:\Windows\System32\eapsvc.dll [111104] O83 - Search Svchost Services: schedule (schedule) . (.Microsoft Corporation - Task Scheduler Service.) -- C:\Windows\System32\schedsvc.dll [1110016] O83 - Search Svchost Services: hkmsvc (hkmsvc) . 
(.Microsoft Corporation - Key Management Service.) -- C:\Windows\System32\kmsvc.dll [90624] O83 - Search Svchost Services: wercplsupport (wercplsupport) . (.Microsoft Corporation - Problem Reports and Solutions.) -- C:\Windows\System32\wercplsupport.dll [84480] O83 - Search Svchost Services: Themes (Themes) . (.Microsoft Corporation - Windows Shell Theme Service Dll.) -- C:\Windows\System32\themeservice.dll [44544] O83 - Search Svchost Services: BDESVC (BDESVC) . (.Microsoft Corporation - BDE Service.) -- C:\Windows\System32\bdesvc.dll [100864] O83 - Search Svchost Services: AppMgmt (AppMgmt) . (.Microsoft Corporation - Software installation Service.) -- C:\Windows\System32\appmgmts.dll [193536] ~ Services: 33 Legitimates Scanned in 00mn 00s ---\\ Search Particular Root Folder (SPRF) (O84) [MD5.6D9B7EDA7D536462EE24CC6F781D9568] [SPRF][21/10/2011] (.Macrovision Corporation - Setup.exe.) -- C:\Users\MAEG\Desktop\PL2303_Prolific_DriverInstaller_v1.5.0.exe [3223429] [MD5.F04DB52C912E543E01B78471666BD876] [SPRF][19/07/2011] (.Unknown owner - Bootstrap Module.) -- C:\Users\MAEG\Desktop\RunClubSanDisk.exe [110592] [MD5.57D98BEA6B7357C5FD3B9B50BE79F219] [SPRF][29/06/2011] (.Gemalto N.V. - RunSanDiskSecureAccess_Win.) -- C:\Users\MAEG\Desktop\RunSanDiskSecureAccess_Win.exe [27311232] [MD5.218434250BC671250CDF72D8AED15932] [SPRF][17/09/2009] (.Unknown owner - WriteTime Microsoft ???????.) -- C:\Users\MAEG\Desktop\WriteTime2009_07-09.exe [303104] [MD5.3FEA9D2EDF23B0283C7A66C8DEA380BD] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player Module.) -- C:\Windows\Downloaded Program Files\dwusplay.dll [24576] [MD5.CDBE35EA59BC9223E4F800BD1DB82D27] [SPRF][25/07/2002] (.InstallShield Software Corporation - InstallShield Update Service Setup Player.) -- C:\Windows\Downloaded Program Files\dwusplay.exe [196608] [MD5.B8F39C9E0F0B71E454DBA431CF3B99C9] [SPRF][11/08/2005] (.Macrovision Corporation - InstallShield Update Service Web Agent.) 
-- C:\Windows\Downloaded Program Files\isusweb.dll [417792] ~ Files: Legitimates Scanned in 00mn 00s ---\\ Firewall Active Exception List (FirewallRules) (O87) ~ Firewall: 192 Legitimates Scanned in 00mn 01s ---\\ Additionnal Scan (O88) Database Version : v2.11290 - (21/03/2013) Clés trouvées (Keys found) : 12 Valeurs trouvées (Values found) : 0 Dossiers trouvés (Folders found) : 0 Fichiers trouvés (Files found) : 0 [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASMANCS] =>Toolbar.Bing [HKLM\Software\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent [HKLM\Software\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent [HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Installer\Features\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Classes\Installer\Products\90C64EA18BA25EE488BF80DCF07F2FFD] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}] =>Toolbar.Agent [HKLM\Software\Wow6432Node\Microsoft\Tracing\BingBar_RASAPI32] =>Toolbar.Bing [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent [HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}] =>Toolbar.Agent [HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing [HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] =>Toolbar.Bing ~ Additionnel: Legitimates Scanned in 00mn 14s ---\\ Router Hijack DNS (O89) (None) ---\\ Product Upgrade Codes (O90) O90 - PUC: "0B54E49C6AA69BF4A9EA2280F5368108" . (.VBA.) -- C:\Windows\Installer\{C94E45B0-6AA6-4FB9-9AAE-22085F631880}\ARPPRODUCTICON.exe O90 - PUC: "0C22D86408082E118BE68BCAF689CC3E" . 
(.Google Earth.) -- C:\Windows\Installer\{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}\ARPPRODUCTICON.exe O90 - PUC: "20527A23C2CB93C4CAAECBD364F36079" . (.EN.) -- C:\Windows\Installer\{32A72502-BC2C-4C39-ACEA-BC3D463F0697}\ARPPRODUCTICON.exe O90 - PUC: "3910550722C1C544F84A65E451D51B7A" . (.Nero Express 10.) -- C:\Windows\Installer\{70550193-1C22-445C-8FA4-564E155DB1A7}\ARPPRODUCTICON.exe O90 - PUC: "3DB4FB266F1B2AF43888CC6074CAFB68" . (.Nero Multimedia Suite 10 Essentials.) -- C:\Windows\Installer\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}\ARPPRODUCTICON.exe O90 - PUC: "44870A0846AC4ED4BA163DD7BD8E70F4" . (.PDF Architect.) -- C:\Windows\Installer\{80A07844-CA64-4DE4-AB61-D37DDBE8074F}\main_icon O90 - PUC: "4B7DCC80DEE9629408D54CFF8F9689A9" . (.ProShield.) -- C:\Windows\Installer\{08CCD7B4-9EED-4926-805D-C4FFF869989A}\ARPPRODUCTICON.exe O90 - PUC: "5DBB16B0C3ADA9047803C0D33C0B2F07" . (.Backup Manager V3.) -- C:\Windows\Installer\{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}\ARPPRODUCTICON.exe O90 - PUC: "7040BB568CC47CD459E2E3FEFD5006A2" . (.Nero Update.) -- C:\Windows\Installer\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}\ARPPRODUCTICON.exe O90 - PUC: "8140A81CA2446814FA890DF805452ACF" . (.Nero DiscSpeed 10 Help (CHM).) -- C:\Windows\Installer\{C18A0418-442A-4186-AF98-D08F5054A2FC}\NeroHelpIcon.BBDB24D3_07A5_496B_AA18_6A3ED03D6698 O90 - PUC: "8193463375979384297CAE69BC26A189" . (.Nero Express 10 Help (CHM).) -- C:\Windows\Installer\{33643918-7957-4839-92C7-EA96CB621A98}\NeroHelpIcon.BBDB24D3_07A5_496B_AA18_6A3ED03D6698 O90 - PUC: "90C64EA18BA25EE488BF80DCF07F2FFD" . (.Bing Bar.) -- C:\Windows\Installer\{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}\icon_installer_ico O90 - PUC: "9A3215C78A0344C498AC8A8CA7F1CC19" . (.CorelDRAW Graphics Suite X3.) -- C:\Windows\Installer\{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}\ARPPRODUCTICON.exe O90 - PUC: "B1B2B325BD8D14B409FF4C7D992E57A8" . (.Nero ControlCenter 10 Help (CHM).) 
-- C:\Windows\Installer\{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}\NeroHelpIcon.BBDB24D3_07A5_496B_AA18_6A3ED03D6698 O90 - PUC: "B32F89E4823122346ACEE2CDF83C4AEF" . (.FontNav.) -- C:\Windows\Installer\{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}\ARPPRODUCTICON.exe O90 - PUC: "C9F7116F5BDA0954B94E217CEB2C7820" . (.Nero StartSmart 10 Help (CHM).) -- C:\Windows\Installer\{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}\NeroHelpIcon.BBDB24D3_07A5_496B_AA18_6A3ED03D6698 O90 - PUC: "E4F094430D84E29428944BB8CE0F35C7" . (.Nero DiscSpeed 10.) -- C:\Windows\Installer\{34490F4E-48D0-492E-8249-B48BECF0537C}\ARPPRODUCTICON.exe O90 - PUC: "E984D16F44C6CA94DA20D78ACA7AA356" . (.Nero StartSmart 10.) -- C:\Windows\Installer\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}\ARPPRODUCTICON.exe O90 - PUC: "F998BFD62A710F845A33DED88666FC83" . (.Nero Control Center 10.) -- C:\Windows\Installer\{6DFB899F-17A2-48F0-A533-ED8D6866CF38}\ARPPRODUCTICON.exe ~ Update Products: 102 Legitimates Scanned in 00mn 00s ---\\ General States of Services not Microsoft (EGS) (SR=Running, SS=Stopped) SS - | Demand 20/03/2013 253656 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 22/02/2013 400608 | (AntiVirMailService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe SR - | Auto 22/02/2013 86752 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe SR - | Auto 22/02/2013 110816 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe SR - | Auto 22/02/2013 565472 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.exe SR - | Auto 12/05/2009 502784 | (ASLSvc) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer SmartBoot\ASLSvc.exe SR - | Auto 11/06/2012 193616 | (BBSvc) . (.Microsoft Corporation..) 
- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe SR - | Demand 11/06/2012 240208 | (BBUpdate) . (.Microsoft Corporation..) - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe SR - | Auto 04/06/2011 212016 | (EgisTec Ticket Service) . (.Egis Technology Inc..) - C:\Program Files\Common Files\EgisTec\Services\EgisTicketService.exe SR - | Auto 30080 | (eLockService) . (...) - C:\Program Files\Acer\Empowering Technology\eLock\Service\eLockServ.exe SR - | Auto 30080 | (ETService) . (...) - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe SR - | Auto 29/05/2011 36456 | (GREGService) . (.Acer Incorporated.) - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe SS - | Auto 22/02/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SS - | Demand 22/02/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SR - | Auto 22/04/2011 244624 | (Live Updater Service) . (.Acer Incorporated.) - C:\Program Files\Acer\Acer Updater\UpdaterService.exe SR - | Auto 14/12/2012 398184 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe SR - | Auto 14/12/2012 682344 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe SS - | Demand 12/03/2013 115608 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 04/05/2010 503080 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SR - | Auto 23/04/2011 256832 | (NTI IScheduleSvc) . (.NTI Corporation.) - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe SR - | Auto 09/01/2013 1324104 | (PDF Architect Helper Service) . (.pdfforge GbR.) 
- C:\Program Files (x86)\PDF Architect\HelperService.exe SR - | Auto 09/01/2013 795208 | (PDF Architect Service) . (.pdfforge GbR.) - C:\Program Files (x86)\PDF Architect\ConversionService.exe SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe SS - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SS - | Demand 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SS - | Demand 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Legitimates Scanned in 00mn 02s ---\\ Search Master Boot Record Infection (MBR)(O80) Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Run by MAEG at 21/03/2013 5:44:31 device: opened successfully user: error reading MBR Disk trace: error: Read The handle is invalid. kernel: error reading MBR ~ MBR: Legitimates Scanned in 00mn 02s ---\\ Search Master Boot Record Infection (MBRCheck)(O80) Written by ad13, http://ad13.geekstog Run by MAEG at 21/03/2013 5:44:33 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Legitimates Scanned in 00mn 04s End of the scan (950 lines in 03mn 45s)(0)
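The O67 "File Associations Shell Spawning" section above is the one worth re-checking by hand on any report of this kind: the command registered for exefile/batfile/cmdfile/comfile is what Windows runs for every program the user launches, and a hijacked handler is a common persistence trick of rogue antivirus and ransomware droppers. The checker below is an added example written for this page; it is not ZHPDiag's own logic and not part of the report. It parses O67 lines as ZHPDiag prints them and flags any handler that deviates from the stock command. The table of expected commands and the list of trusted directories are assumptions about a default Windows 7 install; the hijacked sample line is constructed for the demonstration and does not occur in the report.

```python
from __future__ import annotations

import re
from typing import Iterable, NamedTuple

# Added example, not ZHPDiag code. Windows resolves a double-clicked .exe through
# HKCR\exefile\shell\open\command; HKCR is the merged view of HKLM\Software\Classes
# and the per-user HKCU\Software\Classes, and the HKCU half takes precedence, so a
# hijack under HKCU needs no administrator rights and still wins.
O67_RE = re.compile(
    r"^O67 - Shell Spawning: <(?P<ext>\.[^>]+)> "
    r"\[(?P<hive>HK[A-Z]+)\\\.\.\\(?P<verb>[^\\\]]+)\\Command\] "
    r"\((?P<publisher>.*?)\) -- (?P<command>.*)$"
)

# Stock handler commands as ZHPDiag prints them on a default Windows 7 install
# (assumption; confirm against a known-good machine of the same build). .html is
# browser-dependent, so it is judged by the trusted-directory rule instead.
EXPECTED = {
    ".exe": '"%1" %*',
    ".bat": '"%1" %*',
    ".cmd": '"%1" %*',
    ".com": '"%1" %*',
    ".reg": r"c:\windows\regedit.exe",
    ".js": r"c:\windows\system32\wscript.exe",
    ".cpl": r"c:\windows\system32\control.exe",
    ".evt": r"c:\windows\system32\eventvwr.exe",
}

# Where a legitimately registered handler is expected to live (assumption).
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


class SpawnEntry(NamedTuple):
    ext: str
    hive: str
    verb: str
    publisher: str
    command: str


class Finding(NamedTuple):
    ext: str
    hive: str
    command: str
    reason: str


def parse_o67(lines: Iterable[str]) -> list[SpawnEntry]:
    """Return the O67 entries among the report lines; every other line is skipped."""
    entries = []
    for line in lines:
        m = O67_RE.match(line.strip())
        if m:
            entries.append(SpawnEntry(**m.groupdict()))
    return entries


def _norm(command: str) -> str:
    # Case-insensitive, whitespace-collapsed form used for comparison only.
    return " ".join(command.split()).lower()


def audit_shell_spawning(lines: Iterable[str]) -> list[Finding]:
    """Flag handlers that differ from EXPECTED, or unknown types outside TRUSTED_DIRS."""
    findings = []
    for e in parse_o67(lines):
        cmd = _norm(e.command)
        expected = EXPECTED.get(e.ext.lower())
        if expected is not None:
            if cmd != expected:
                findings.append(Finding(e.ext, e.hive, e.command, f"expected {expected!r}"))
        elif not cmd.startswith(TRUSTED_DIRS):
            findings.append(Finding(e.ext, e.hive, e.command, "handler outside a trusted program directory"))
    return findings


# The HKLM block and the HKCU .html line exactly as they appear in the report above.
REPORT_LINES = [
    r'O67 - Shell Spawning: <.bat> [HKLM\..\open\Command] (...) -- "%1" %*',
    r'O67 - Shell Spawning: <.cpl> [HKLM\..\cplopen\Command] (.Microsoft Corporation - Windows Control Panel.) -- C:\Windows\System32\control.exe',
    r'O67 - Shell Spawning: <.cmd> [HKLM\..\open\Command] (...) -- "%1" %*',
    r'O67 - Shell Spawning: <.com> [HKLM\..\open\Command] (...) -- "%1" %*',
    r'O67 - Shell Spawning: <.evt> [HKLM\..\open\Command] (.Microsoft Corporation - Event Viewer Snapin Launcher.) -- C:\Windows\System32\eventvwr.exe',
    r'O67 - Shell Spawning: <.exe> [HKLM\..\open\Command] (...) -- "%1" %*',
    r'O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe',
    r'O67 - Shell Spawning: <.js> [HKLM\..\open\Command] (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\WScript.exe',
    r'O67 - Shell Spawning: <.reg> [HKLM\..\open\Command] (.Microsoft Corporation - Registry Editor.) -- C:\Windows\regedit.exe',
    r'O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe',
]

# Constructed for the demonstration (not in the report): a per-user exefile hijack
# that interposes a binary in the user's Temp directory before every launched program.
CONSTRUCTED_HIJACK = (
    r'O67 - Shell Spawning: <.exe> [HKCU\..\open\Command] (...) -- '
    r'"C:\Users\demo\AppData\Local\Temp\sample_hijack.exe" "%1" %*'
)

if __name__ == "__main__":
    print("report as posted:", audit_shell_spawning(REPORT_LINES) or "no deviations")
    for f in audit_shell_spawning(REPORT_LINES + [CONSTRUCTED_HIJACK]):
        print(f"HIJACK {f.ext} in {f.hive}: {f.command} ({f.reason})")
```

Run against the lines as posted, the checker reports nothing, which matches ZHPDiag's own "Keys: Legitimates" verdict; with the constructed HKCU line appended it reports the .exe handler and the reason. The comparison is on the command string only, so a handler that keeps the right path but has been replaced on disk would not be caught here; that is what the MD5 lines in the "Search Generic System Files" section at the top of the report are for.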