¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 3.0416 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 16:00:14

~ Update on 16/04/2013 | 10.40 by g3n-h@ckm@n
~ Evolution : http://www.security-helpzone.com/forum/Forum-Mises-%C3%A0-jour-Pre-Scan | http://sosvirus.org/viewforum.php?f=229
~ Pre_Script Infos : http://sosvirus.org/viewtopic.php?f=228&t=312 | http://www.security-helpzone.com/forum/Thread-Les-Switches
~ Pre_scan Feedbacks : http://sosvirus.org/viewforum.php?f=233 | http://www.security-helpzone.com/forum/Forum-Feedbacks-Pre-Scan

~ [utilisateur (Administrator)] - [JONATHAN-PC]
~ SID = S-1-5-21-2368203499-768547317-2015757345-1001
~ System : Windows 7 Home Premium (64 bits) HomePremium
~ ProcessorNameString : Pentium(R) Dual-Core CPU T4400 @ 2.20GHz
~ Identifier : Intel64 Family 6 Model 23 Stepping 10
~ Mémory RAM = Total (KB) : 4158550 | Free (KB) : 3472760
~ Pagefile = Total (KB) : 8315200 | Free (KB) : 7691280
~ Virtual = Total (KB) : 4194180 | Free (KB) : 4043540

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts

¤¤¤¤¤¤¤¤¤¤ | Drives

c:\ -> [Fixed] | [OS] | Total : 76310 Mo | Free : 22810 Mo -> NTFS
d:\ -> [Fixed] | [DATA] | Total : 213940 Mo | Free : 132450 Mo -> NTFS

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

No windows updates detected !!!
~ Service Pack 1 not installed !!!

¤¤¤¤¤¤¤¤¤¤ | Sessions

~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\utilisateur

New restorepoint created

¤¤¤¤¤¤¤¤¤¤ | stopped Processes

(1344) -- explorer.exe
(1408) -- ctfmon.exe
(616) -- AvastUI.exe
(220) -- firefox.exe

¤¤¤¤¤¤¤¤¤¤ | Running processes

Boot : Safemode

[MD5.FA64733BD65F52712F0545F56FDB4BE6] - [10/04/2013 21:38:41] - 308 | C:\Windows\System32\smss.exe (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7600.17273) -> \SystemRoot\System32\smss.exe [112640 Ko]
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - 392 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [7680 Ko]
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - 428 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [7680 Ko]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 01:52:37] - 436 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) -> wininit.exe [129024 Ko]
[MD5.2E0C0A67093CA46FF6327DA762678096] - [26/02/2010 13:10:53] - 476 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7600.16447) -> winlogon.exe [389632 Ko]
[MD5.3EE6C4A17173C0B6822585296E9AB209] - [14/07/2009 01:19:46] - 524 | C:\Windows\system32\services.exe (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7600.16385) -> C:\Windows\system32\services.exe [328704 Ko]
[MD5.156F6159457D0AA7E59B62681B56EB90] - [11/01/2012 12:45:53] - 532 | C:\Windows\system32\lsass.exe (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7600.16915) -> C:\Windows\system32\lsass.exe [31232 Ko]
[MD5.0AD33AAB964C37BB019AACCF959CC873] - [14/07/2009 02:17:36] - 540 | C:\Windows\system32\lsm.exe (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7600.16385) -> C:\Windows\system32\lsm.exe [333312 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 640 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 712 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 764 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkService [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 840 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 872 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 928 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 1004 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 348 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 1200 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 1300 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k secsvcs [27136 Ko]
[MD5.A8EDB86FC2A4D6D1285E4C70384AC35A] - [14/07/2009 01:59:17] - 1532 | C:\Windows\system32\DllHost.exe (.Microsoft Corporation - COM Surrogate.) - (6.1.7600.16385) -> C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} [9728 Ko]
[MD5.5809C4C68BDF9C719C2F6E4CAFFAB254] - [17/04/2013 15:56:27] - 1236 | C:\Users\utilisateur\Desktop\winlogon.exe (. - g3n-h@ckm@n.) - (3.0.4.16) -> "C:\Users\utilisateur\Desktop\winlogon.exe" [2428313 Ko]
[MD5.E7D4792C5B1AC43BD0BA8DE4A7F3FF60] - [27/04/2011 18:34:37] - 1988 | C:\Windows\explorer.exe (.Microsoft Corporation - Explorateur Windows.) - (6.1.7600.16768) -> explorer.exe [2870272 Ko]
[MD5.00BB2B53F40383882D2A8690BC179D3B] - [15/01/2013 00:17:03] - 1092 | C:\Pre_Scan\Process\Pre_Scan_Protect.exe (. - g3n-h@ckm@n.) - (3.0.4.14) -> "C:\Pre_Scan\Process\Pre_Scan_Protect.exe" [311137 Ko]
[MD5.A7C197B611BCD43E37D9BC928922AE0D] - [14/07/2009 01:47:34] - 1864 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7600.16385) -> C:\Windows\system32\wbem\wmiprvse.exe [368640 Ko]

¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !

¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine

Changed : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0
Repaired : [HKLM | Winlogon]|[userinit] : C:\Windows\system32\userinit.exe, -> C:\Windows\SysWOW64\userinit.exe,
Repaired : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]|[userinit] : C:\Windows\SysWOW64\userinit.exe, -> C:\Windows\System32\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ | Associations

Deleted : [HKCR\.exe\Shell]
Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe -> C:\Windows\Explorer.exe
¤
Repaired : [HKLM\Software\Clients\StartMenuInternet\Firefox.exe\shell\open\command] : C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"

¤¤¤¤¤¤¤¤¤¤ | Registry

Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\policies\Explorer]|[NoDriveTypeAutoRun] : 28 -> 145
Repaired : [HKU\S-1-5-21-2368203499-768547317-2015757345-1001\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0
Repaired : [HKU\S-1-5-21-2368203499-768547317-2015757345-1001\software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel]|[AllItemsIconView] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair

Safeboot Keys are O.K
Alternate shell is OK !
¤
Safeboot Minimal Subkeys : O.K !
¤
Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ | IFEO : OK !

¤¤¤¤¤¤¤¤¤¤ | Mountpoints2 : OK !

¤¤¤¤¤¤¤¤¤¤ | Windows

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
Winsrv : OK !
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : C:\Windows\SysWOW64\guard32.dll
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : C:\Windows\SysWOW64\guard32.dll
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1

¤¤¤¤¤¤¤¤¤¤ | Security Center : OK !

[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]|[DisableMonitoring] : 1

¤¤¤¤¤¤¤¤¤¤ | Services Corrections

Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\wudfsvc] : 3 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Repaired : [HKU\S-1-5-21-2368203499-768547317-2015757345-1001\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : http://go.microsoft.com/fwlink/?linkid=54896 -> http://www.google.com/
Repaired : [HKU\S-1-5-21-2368203499-768547317-2015757345-1001\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.be/ -> http://www.google.com/
Repaired : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> http://www.google.com/
Repaired : [HKU\S-1-5-21-2368203499-768547317-2015757345-1001\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : http://search.msn.com/spbasic.htm -> http://www.google.com/
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://fr.msn.com/ -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Search_URL] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> http://go.microsoft.com/fwlink/?LinkId=54896
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> http://go.microsoft.com/fwlink/?LinkId=54896
¤
Repaired : [HKU\S-1-5-21-2368203499-768547317-2015757345-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[ProxyOverride] : -> *.local
Repaired : [HKU\S-1-5-21-2368203499-768547317-2015757345-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Cleaned

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry

Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$RUA6A8Q.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$RYGQXYQ.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$RDEB4YA.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$RT5Z8ZQ.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$IT5Z8ZQ.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$IUA6A8Q.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$IYGQXYQ.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$RQ5TCEN.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$RPHW3D0.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$IPHW3D0.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$IQ5TCEN.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$RQK7J4F.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$IQK7J4F.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$RQE4VZ7.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$IQE4VZ7.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$R6U4TTR.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$I6U4TTR.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$IDEB4YA.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$RDI6N64.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$IDI6N64.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$RTEW94D.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$ITEW94D.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$RFH1Q81.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$IFH1Q81.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$RMJVD50\Site Internet Explorer sur Microsoft.com.url
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$R9HBFZC\ETDMAG.EXE
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$R9HBFZC\SETUP.EXE
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$R9HBFZC\ETDCTRL.EXE
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$R9HBFZC\ETDUNINST.EXE
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$R9HBFZC\ISSETUP.DLL
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$R9HBFZC\_SETUP.DLL
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$R9HBFZC\ETDINST.DLL
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$R9HBFZC\ETDAPI32.DLL
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$R9HBFZC\ETDAPI.DLL
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$R9HBFZC\ETDUNINST.DLL
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$R9HBFZC\ETDAPIX.DLL
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$R9HBFZC\ETDCMDS.DLL
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$R9HBFZC\ETDFAVORITE.DLL
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$R9HBFZC\ETDMCPL.DLL
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$R9HBFZC\ETDUI.CPL
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$RWZX36B\TNTSIMS2.EXE
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$RUB0DMO\TNTSIMS2.EXE
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$RDHMWIN\SeeThem2.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$RWVVXA6\ImgList.dat
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2368203499-768547317-2015757345-1001\$RR87CSN\Sims2PackInstaller_v16_19.exe
Moved to quarantine successfully : C:\Users\utilisateur\AppData\Roaming\SoftGrid Client\userinfo.dat
Moved to quarantine successfully : C:\Users\utilisateur\AppData\Roaming\SoftGrid Client\shortcut_ex.dat
Moved to quarantine successfully : C:\Users\utilisateur\AppData\Roaming\app\Jerakine_lang_vesrion.dat
Moved to quarantine successfully : C:\Users\utilisateur\AppData\Roaming\app\Jerakine_lang.dat
Moved to quarantine successfully : C:\Users\utilisateur\AppData\Local\Temp\VP6VFW.dll
Moved to quarantine successfully : C:\Users\utilisateur\AppData\Local\Temp\First15.exe
Moved to quarantine successfully : C:\Users\utilisateur\AppData\Local\Temp\VP6Install.exe
Moved to quarantine successfully : C:\Users\utilisateur\AppData\Local\Temp\VP6.reg
Moved to quarantine successfully : C:\Users\utilisateur\Thumbs.db
Moved to quarantine successfully : C:\ProgramData\ezsidmv.dat
Moved to quarantine successfully : C:\ProgramData\hash.dat
Moved to quarantine successfully : C:\Windows\system32\%APPDATA%
Moved to quarantine successfully : C:\Windows\syswow64\%APPDATA%
Moved to quarantine successfully : C:\RECOVERY.DAT
Moved to quarantine successfully : C:\ProgramData\regid.1986-12.com.adobe
Moved to quarantine successfully : C:\ProgramData\Spybot - Search & Destroy
Moved to quarantine successfully : C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
Moved to quarantine successfully : C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Moved to quarantine successfully : C:\Users\utilisateur\AppData\Roaming\mp3DirectCut
Moved to quarantine successfully : C:\Windows\assembly\tmp\
Moved to quarantine successfully : C:\Users\utilisateur\AppData\LocalLow\Sun\Java\Deployment\cache\6.0

Prefetch -> Emptied

Suspect : C:\Users\utilisateur\AppData\Roaming\Subversion\config
Suspect : C:\Users\utilisateur\AppData\Roaming\Subversion\servers
Suspect : C:\Users\utilisateur\AppData\Roaming\vlc\vlcrc
Suspect : C:\ProgramData\CPA_VA\CpaUpdateConfigurationFile
Suspect : C:\Windows\setup.iss

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive D:] : Hidden : 931 | Restored : 930
~ [Program Files] : Hidden : 3 | Restored : 2
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 3 | Restored : 3
~ [Desktop] : Hidden : 4 | Restored : 4
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 149 | Restored : 147
~ [Start Menu |
Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 24 | Restored : 24

¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)

Disk: 0 Size=305G
Pos MBRndx Type/Name  Size Active Hide Start Sector      Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
  0      0 1C-FAT32x   15G     No  Yes        2,048   30,714,232
  1      1 07-NTFS     76G    Yes   No   30,716,280  156,280,320
  2      2 0F-EXTEND  214G     No   No  186,996,600  438,140,745

¤¤¤¤¤¤¤¤¤¤

[HKLM | Winlogon] | AutoRestartShell : 0 -> 1
[HKLM64 | Winlogon]|[AutoRestartShell] : 1

End : 16:21:02

Pre_Scan_Protect.exe Stopped successfully !

¤¤¤¤¤¤¤¤¤¤ | Attempt to restart stopped

~ Thx to C_XX , Slyk for their help for the evolution of the tool

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤