Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Lilian (administrator) on LILIAN-PC on 26-03-2014 22:02:48
Running from C:\Users\Lilian\Desktop
Microsoft Windows 7 Édition Familiale Premium Service Pack 1 (X86) OS Language: French Standard
Internet Explorer Version 10
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\windows\SYSTEM32\Rezip.exe
() C:\Program Files\CyberLink\Shared files\RichVideo.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(CyberLink) C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
(SEC) C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Google Inc.) C:\Users\Lilian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lilian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lilian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lilian\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Lilian\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [8120864 2009-12-15] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1578280 2009-10-10] (Synaptics Incorporated)
HKLM\...\Run: [UpdateLBPShortCut] - C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [CLMLServer] - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM\...\Run: [UpdateP2GoShortCut] - C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [UpdatePDRShortCut] - C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM\...\Run: [RemoteControl8] - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [PDVD8LanguageShortcut] - C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-15] (CyberLink Corp.)
HKLM\...\Run: [UpdatePPShortCut] - C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM\...\Run: [UpdatePSTShortCut] - C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [210216 2009-07-21] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2011-06-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-11] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKU\S-1-5-21-3839526648-640461978-1128981970-1000\...\Run: [Google Update] - C:\Users\Lilian\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-01-01] (Google Inc.)
HKU\S-1-5-21-3839526648-640461978-1128981970-1000\...\Run: [Google Update*] - [X] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\S-1-5-21-3839526648-640461978-1128981970-1000\...\MountPoints2: {22ba7fea-e2d1-11e0-913f-00245465364c} - H:\HPLauncher.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=4&cf=1ab11916-5b37-11e1-81a8-00245465364c
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
SearchScopes: HKLM - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKLM - {59F070C3-C835-4418-ADD8-5AB47A281D6E} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
SearchScopes: HKLM - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = ${SEARCH_URL}{searchTerms}
SearchScopes: HKCU - DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://startsear.ch/?aff=4&q={searchTerms}
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
SearchScopes: HKCU - {269D9A7B-51B5-410F-B20B-50880BFD5FAD} URL = http://startsear.ch/?aff=1&src=sp&cf=1ab11916-5b37-11e1-81a8-00245465364c&q={searchTerms}
SearchScopes: HKCU - {59F070C3-C835-4418-ADD8-5AB47A281D6E} URL =
SearchScopes: HKCU - {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://startsear.ch/?aff=4&q={searchTerms}
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 06 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 09 mswsock.dll File Not found ()
Winsock: Catalog9 10 mswsock.dll File Not found ()
Winsock: Catalog9 11 mswsock.dll File Not found ()
Winsock: Catalog9 12 mswsock.dll File Not found ()
Winsock: Catalog9 13 mswsock.dll File Not found ()
Winsock: Catalog9 14 mswsock.dll File Not found ()
Winsock: Catalog9 15 mswsock.dll File Not found ()
Winsock: Catalog9 16 mswsock.dll File Not found ()
Winsock: Catalog9 17 mswsock.dll File Not found ()
Winsock: Catalog9 18 mswsock.dll File Not found ()
Winsock: Catalog9 19 mswsock.dll File Not found ()
Winsock: Catalog9 20 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [258104] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 21 mswsock.dll File Not found ()
Winsock: Catalog9 22 mswsock.dll File Not found ()
Winsock: Catalog9 23 mswsock.dll File Not found ()
Winsock: Catalog9 24 mswsock.dll File Not found ()
Winsock: Catalog9 25 mswsock.dll File Not found ()
Winsock: Catalog9 26 mswsock.dll File Not found ()
Winsock: Catalog9 27 mswsock.dll File Not found ()
Winsock: Catalog9 28 mswsock.dll File Not found ()
Winsock: Catalog9 29 mswsock.dll File Not found ()
Winsock: Catalog9 30 mswsock.dll File Not found ()
Winsock: Catalog9 31 mswsock.dll File Not found ()
Winsock: Catalog9 32 mswsock.dll File Not found ()
Winsock: Catalog9 33 mswsock.dll File Not found ()
Winsock: Catalog9 34 mswsock.dll File Not found ()
Winsock: Catalog9 35 mswsock.dll File Not found ()
Winsock: Catalog9 36 mswsock.dll File Not found ()
Winsock: Catalog9 37 mswsock.dll File Not found ()
Winsock: Catalog9 38 mswsock.dll File Not found ()
Winsock: Catalog9 39 mswsock.dll File Not found ()
Winsock: Catalog9 40 mswsock.dll File Not found ()
Winsock: Catalog9 41 mswsock.dll File Not found ()
Winsock: Catalog9 42 mswsock.dll File Not found ()
Winsock: Catalog9 43 mswsock.dll File Not found ()
Winsock: Catalog9 44 mswsock.dll File Not found ()
Winsock: Catalog9 45 mswsock.dll File Not found ()
Winsock: Catalog9 46 mswsock.dll File Not found ()
Winsock: Catalog9 47 mswsock.dll File Not found ()
Winsock: Catalog9 48 mswsock.dll File Not found ()
Winsock: Catalog9 49 mswsock.dll File Not found ()
Winsock: Catalog9 50 mswsock.dll File Not found ()
Winsock: Catalog9 51 mswsock.dll File Not found ()
Winsock: Catalog9 52 mswsock.dll File Not found ()
Winsock: Catalog9 53 mswsock.dll File Not found ()
Winsock: Catalog9 54 mswsock.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Chrome:
=======
CHR HomePage:
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Lilian\AppData\Local\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Lilian\AppData\Local\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Lilian\AppData\Local\Google\Chrome\Application\33.0.1750.154\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (StartSearch Video plug-in) - C:\Users\Lilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bildoibdboopgomcbiplincneeicgipj\1.3_0\chvsharetvplg.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.300.12) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U30) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\Lilian\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: (Angry Birds) - C:\Users\Lilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2011-09-17]
CHR Extension: (Eurosport.com) - C:\Users\Lilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfckibmjhbkjhjplimmnlnmgienindde [2011-09-17]
CHR Extension: (Google Wallet) - C:\Users\Lilian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR StartMenuInternet: Google Chrome - C:\Users\Lilian\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-09-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-11] (Avira Operations GmbH & Co. KG)
R2 Rezip; C:\windows\SYSTEM32\Rezip.exe [311296 2009-03-05] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared files\RichVideo.exe [247152 2009-07-07] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [88840 2013-09-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136672 2013-09-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-07-23] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\windows\System32\DRIVERS\dtsoftbus01.sys [218688 2011-03-02] (DT Soft Ltd)
R3 rtl819xp; C:\windows\System32\DRIVERS\rtl819xp.sys [559208 2011-01-06] (Realtek Semiconductor Corporation )
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-07-23] (Avira GmbH)
S3 tap0901; C:\windows\System32\DRIVERS\tap0901.sys [26112 2010-12-01] (The OpenVPN Project)
U3 TrueSight; C:\windows\system32\TrueSight.sys [26624 2014-03-26] ()
R3 yukonw7; C:\windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 EagleXNt; \??\C:\windows\system32\drivers\EagleXNt.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-26 22:02 - 2014-03-26 22:03 - 00016233 _____ () C:\Users\Lilian\Desktop\FRST.txt
2014-03-26 22:02 - 2014-03-26 22:02 - 01145856 _____ (Farbar) C:\Users\Lilian\Desktop\FRST.exe
2014-03-26 22:02 - 2014-03-26 22:02 - 00000000 ____D () C:\FRST
2014-03-26 22:01 - 2014-03-26 22:01 - 01145856 _____ (Farbar) C:\Users\Lilian\Downloads\FRST.exe
2014-03-26 21:27 - 2014-03-26 21:27 - 00001832 _____ () C:\windows\PFRO.log
2014-03-26 21:25 - 2014-03-26 21:25 - 00017843 _____ () C:\Users\Lilian\Desktop\RKreport[0]_D_03262014_212540.txt
2014-03-26 21:25 - 2014-03-26 21:25 - 00014584 _____ () C:\Users\Lilian\Desktop\RKreport[0]_S_03262014_212515.txt
2014-03-26 21:22 - 2014-03-26 21:22 - 00026624 _____ () C:\windows\system32\TrueSight.sys
2014-03-26 18:35 - 2014-03-26 21:25 - 00000000 ____D () C:\Users\Lilian\Desktop\RK_Quarantine
2014-03-26 18:17 - 2014-03-26 18:34 - 00000000 ____D () C:\Users\Lilian\Desktop\TDSSKiller
2014-03-26 18:15 - 2014-03-26 18:15 - 03945472 _____ () C:\Users\Lilian\Desktop\RogueKiller.exe
2014-03-22 10:44 - 2014-03-26 21:28 - 00000336 _____ () C:\windows\setupact.log
2014-03-22 10:44 - 2014-03-22 10:44 - 00000000 _____ () C:\windows\setuperr.log
==================== One Month Modified Files and Folders =======
2014-03-26 22:03 - 2014-03-26 22:02 - 00016233 _____ () C:\Users\Lilian\Desktop\FRST.txt
2014-03-26 22:03 - 2011-01-01 01:54 - 00001082 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3839526648-640461978-1128981970-1000UA.job
2014-03-26 22:02 - 2014-03-26 22:02 - 01145856 _____ (Farbar) C:\Users\Lilian\Desktop\FRST.exe
2014-03-26 22:02 - 2014-03-26 22:02 - 00000000 ____D () C:\FRST
2014-03-26 22:01 - 2014-03-26 22:01 - 01145856 _____ (Farbar) C:\Users\Lilian\Downloads\FRST.exe
2014-03-26 21:35 - 2009-07-14 05:34 - 00014736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-26 21:35 - 2009-07-14 05:34 - 00014736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-26 21:34 - 2012-08-30 15:09 - 00001056 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-26 21:34 - 2012-08-30 15:09 - 00001052 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-26 21:28 - 2014-03-22 10:44 - 00000336 _____ () C:\windows\setupact.log
2014-03-26 21:28 - 2011-08-01 18:10 - 00000000 ____D () C:\Program Files\Common Files\Akamai
2014-03-26 21:28 - 2010-12-31 22:06 - 00000000 ____D () C:\Users\Lilian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2014-03-26 21:28 - 2009-07-14 05:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-26 21:27 - 2014-03-26 21:27 - 00001832 _____ () C:\windows\PFRO.log
2014-03-26 21:25 - 2014-03-26 21:25 - 00017843 _____ () C:\Users\Lilian\Desktop\RKreport[0]_D_03262014_212540.txt
2014-03-26 21:25 - 2014-03-26 21:25 - 00014584 _____ () C:\Users\Lilian\Desktop\RKreport[0]_S_03262014_212515.txt
2014-03-26 21:25 - 2014-03-26 18:35 - 00000000 ____D () C:\Users\Lilian\Desktop\RK_Quarantine
2014-03-26 21:22 - 2014-03-26 21:22 - 00026624 _____ () C:\windows\system32\TrueSight.sys
2014-03-26 21:05 - 2013-02-24 21:52 - 00001002 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-26 21:03 - 2011-01-01 01:54 - 00001030 _____ () C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3839526648-640461978-1128981970-1000Core.job
2014-03-26 18:36 - 2009-07-26 21:06 - 01549572 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-26 18:34 - 2014-03-26 18:17 - 00000000 ____D () C:\Users\Lilian\Desktop\TDSSKiller
2014-03-26 18:15 - 2014-03-26 18:15 - 03945472 _____ () C:\Users\Lilian\Desktop\RogueKiller.exe
2014-03-22 10:44 - 2014-03-22 10:44 - 00000000 _____ () C:\windows\setuperr.log
2014-03-20 19:18 - 2011-10-14 13:01 - 00000000 ____D () C:\Users\Lilian\Downloads\EP_En_Sous-Marin
2014-03-20 18:32 - 2009-07-14 03:37 - 00000000 ____D () C:\windows\system32\NDF
2014-03-15 17:27 - 2011-01-01 01:55 - 00002368 _____ () C:\Users\Lilian\Desktop\Google Chrome.lnk
2014-03-13 00:13 - 2013-02-24 21:52 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-03-13 00:13 - 2013-02-24 21:52 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
ZeroAccess:
C:\Program Files\Google\Desktop\Install
Files to move or delete:
====================
C:\Users\Lilian\AppData\Roaming\cache.ini
C:\Users\Lilian\AppData\Roaming\cache.dat
Some content of TEMP:
====================
C:\Users\Lilian\AppData\Local\Temp\ntdll_dump.dll
==================== Bamital & volsnap Check =================
C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe => MD5 is legit
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-06 18:42
==================== End Of Log ============================