¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 3.0416 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
~
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤
- Start 16:01:47
~ Update on 16/04/2013 | 10.40 by g3n-h@ckm@n
~ Changelog : http://www.security-helpzone.com/forum/Forum-Mises-%C3%A0-jour-Pre-Scan | http://sosvirus.org/viewforum.php?f=229
~ Pre_Script Infos : http://sosvirus.org/viewtopic.php?f=228&t=312 | http://www.security-helpzone.com/forum/Thread-Les-Switches
~ Pre_scan Feedbacks : http://sosvirus.org/viewforum.php?f=233 | http://www.security-helpzone.com/forum/Forum-Feedbacks-Pre-Scan
~ [Mareva (Administrator)] - [MAREVA-PC]
~ SID = S-1-5-21-626529243-327759216-3920316985-1000
~ System : Windows 7 Home Premium (64 bits) HomePremium
~ ProcessorNameString : Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
~ Identifier : Intel64 Family 6 Model 37 Stepping 5
~ Memory RAM = Total (KB) : 2871800 | Free (KB) : 1927420
~ Pagefile = Total (KB) : 5741700 | Free (KB) : 4678150
~ Virtual = Total (KB) : 4194180 | Free (KB) : 4052650

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts

¤¤¤¤¤¤¤¤¤¤ | Drives
c:\ -> [Fixed] | [Packard Bell] | Total : 463840 MB | Free : 400640 MB -> NTFS

¤¤¤¤¤¤¤¤¤¤ | Windows Updates
No windows updates detected !!!
~ Service Pack 1 not installed !!!
¤¤¤¤¤¤¤¤¤¤ | Sessions
~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\Mareva

New restorepoint created

¤¤¤¤¤¤¤¤¤¤ | stopped Processes
(844) -- ASCService.exe
(1528) -- spoolsv.exe
(1632) -- IMFsrv.exe
(1832) -- taskhost.exe
(1120) -- taskeng.exe
(1232) -- explorer.exe
(1248) -- AmIcoSinglun64.exe
(1240) -- igfxtray.exe
(2132) -- SynTPEnh.exe
(2316) -- Lightshot.exe
(2356) -- Ares.exe
(2364) -- ASCTray.exe
(2432) -- notepad.exe
(2744) -- IMF.exe
(3068) -- armsvc.exe
(2208) -- dsiwmis.exe
(1112) -- ePowerSvc.exe
(792) -- GREGsvc.exe
(2232) -- LMS.exe
(2340) -- IScheduleSvc.exe
(2088) -- UpdaterService.exe
(2576) -- WLIDSVC.EXE
(768) -- SearchIndexer.exe
(2260) -- WLIDSVCM.EXE
(3480) -- SynTPHelper.exe
(3808) -- wmpnetwk.exe
(4072) -- chrome.exe
(3624) -- chrome.exe
(3996) -- chrome.exe
(3220) -- chrome.exe
(2348) -- chrome.exe
(4576) -- chrome.exe
(4804) -- chrome.exe
(4512) -- UNS.exe
(1272) -- TrustedInstaller.exe
(3288) -- wuauclt.exe
(3568) -- taskeng.exe
(3548) -- SearchProtocolHost.exe
(1108) -- SearchFilterHost.exe

¤¤¤¤¤¤¤¤¤¤ | Running processes
Boot : Normal
[MD5.1911A3356FA3F77CCC825CCBAC038C2A] - [14/07/2009 01:19:50] - 340 | C:\Windows\System32\smss.exe (.Microsoft Corporation - Windows Session Manager.) - (6.1.7600.16385) -> \SystemRoot\System32\smss.exe [112640 bytes]
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - 488 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [7680 bytes]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 01:52:37] - 540 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Windows Start-Up Application.) - (6.1.7600.16385) -> wininit.exe [129024 bytes]
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 01:19:49] - 556 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [7680 bytes]
[MD5.3EE6C4A17173C0B6822585296E9AB209] - [14/07/2009 01:19:46] - 608 | C:\Windows\system32\services.exe (.Microsoft Corporation - Services and Controller app.) - (6.1.7600.16385) -> C:\Windows\system32\services.exe [328704 bytes]
[MD5.156F6159457D0AA7E59B62681B56EB90] - [26/01/2012 00:52:10] - 616 | C:\Windows\system32\lsass.exe (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7600.16915) -> C:\Windows\system32\lsass.exe [31232 bytes]
[MD5.0AD33AAB964C37BB019AACCF959CC873] - [14/07/2009 02:17:36] - 624 | C:\Windows\system32\lsm.exe (.Microsoft Corporation - Local Session Manager Service.) - (6.1.7600.16385) -> C:\Windows\system32\lsm.exe [333312 bytes]
[MD5.2E0C0A67093CA46FF6327DA762678096] - [08/09/2010 04:41:06] - 688 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Windows Logon Application.) - (6.1.7600.16447) -> winlogon.exe [389632 bytes]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 776 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch [27136 bytes]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 920 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS [27136 bytes]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 1020 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 bytes]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 452 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [27136 bytes]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 480 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs [27136 bytes]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 728 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService [27136 bytes]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 1128 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkService [27136 bytes]
[MD5.41735B82DB57E4EBE9504EC400FD120E] - [23/04/2013 15:20:16] - 1304 | C:\Program Files\AVAST Software\Avast\AvastSvc.exe (.AVAST Software - avast! Service.) - (8.0.1483.72) -> "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [45248 bytes]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 1600 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [27136 bytes]
[MD5.F162D5F5E845B9DC352DD1BAD8CEF1BC] - [14/07/2009 01:37:38] - 1348 | C:\Windows\system32\Dwm.exe (.Microsoft Corporation - Desktop Window Manager.) - (6.1.7600.16385) -> "C:\Windows\system32\Dwm.exe" [120320 bytes]
[MD5.EB11385D353074882A69B7B2C993DE02] - [23/04/2013 15:20:16] - 2552 | C:\Program Files\AVAST Software\Avast\AvastUI.exe (.AVAST Software - avast! Antivirus.) - (8.0.1483.72) -> "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui [4767304 bytes]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 2532 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k imgsvc [27136 bytes]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 1420 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [27136 bytes]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 3100 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [27136 bytes]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 3928 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServicePeerNet [27136 bytes]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 01:31:13] - 1068 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k secsvcs [27136 bytes]
[MD5.5809C4C68BDF9C719C2F6E4CAFFAB254] - [23/04/2013 15:56:49] - 872 | C:\Users\Mareva\Downloads\winlogon.exe (. - g3n-h@ckm@n.) - (3.0.4.16) -> "C:\Users\Mareva\Downloads\winlogon.exe" [2428313 bytes]
[MD5.E7D4792C5B1AC43BD0BA8DE4A7F3FF60] - [12/05/2011 12:23:35] - 5072 | C:\Windows\explorer.exe (.Microsoft Corporation - Windows Explorer.) - (6.1.7600.16768) -> explorer.exe [2870272 bytes]
[MD5.00BB2B53F40383882D2A8690BC179D3B] - [15/01/2013 00:17:03] - 5112 | C:\Pre_Scan\Process\Pre_Scan_Protect.exe (. - g3n-h@ckm@n.) - (3.0.4.14) -> "C:\Pre_Scan\Process\Pre_Scan_Protect.exe" [311137 bytes]
[MD5.A7C197B611BCD43E37D9BC928922AE0D] - [14/07/2009 01:47:34] - 4376 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7600.16385) -> C:\Windows\system32\wbem\wmiprvse.exe [368640 bytes]
[MD5.C1C03EA437EDDA8A7D4D8786E5AE6751] - [21/06/2012 12:28:38] - 2280 | C:\Windows\system32\wuauclt.exe (.Microsoft Corporation - Windows Update.) - (7.6.7600.256) -> "C:\Windows\system32\wuauclt.exe" [57880 bytes]
[MD5.40DE3074D0D94AA01431ACCA9DBD8827] - [01/03/2011 18:17:02] - 536 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7600.16699) -> taskeng.exe {015BB7B6-D9B2-4D88-92F5-1A257F2C3AFC} [464384 bytes]
[MD5.40DE3074D0D94AA01431ACCA9DBD8827] - [01/03/2011 18:17:02] - 1368 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7600.16699) -> taskeng.exe {AD881D3B-EEAB-41EC-AAD4-A4B4D02E18F0} [464384 bytes]
[MD5.A7C197B611BCD43E37D9BC928922AE0D] - [14/07/2009 01:47:34] - 2180 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7600.16385) -> C:\Windows\system32\wbem\wmiprvse.exe [368640 bytes]

¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !

¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine
Repaired : [HKLM | Winlogon]|[userinit] : userinit.exe -> C:\Windows\SysWOW64\userinit.exe,
Repaired : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]|[userinit] : C:\Windows\SysWOW64\userinit.exe, -> C:\Windows\System32\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ | Associations
Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe -> C:\Windows\Explorer.exe
¤
Repaired : [HKLM\Software\Clients\StartMenuInternet\Firefox.exe\shell\open\command] : C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
Repaired : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files (x86)\Internet Explorer\iexplore.exe -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

¤¤¤¤¤¤¤¤¤¤ | Registry
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoActiveDesktop] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoActiveDesktopChanges] : 1 -> 0
Repaired : [HKU\S-1-5-21-626529243-327759216-3920316985-1000\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0

¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair
Safeboot Keys are O.K
Alternate shell is OK !
¤
Safeboot Minimal Subkeys : O.K !
¤
Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ | IFEO : OK !

¤¤¤¤¤¤¤¤¤¤ | Mountpoints2 : OK !

¤¤¤¤¤¤¤¤¤¤ | Windows
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
Winsrv : OK !
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : C:\PROGRA~3\Wincert\WIN32C~1.DLL
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : C:\PROGRA~3\Wincert\WIN32C~1.DLL
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1

¤¤¤¤¤¤¤¤¤¤ | Security Center : OK !
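The locations the log reports on above (Winlogon Userinit/Shell in both registry views, AppInit_DLLs with LoadAppInit_DLLs, IFEO, the task files under System32\Tasks, the hosts file, and process images with their MD5) can be re-read by hand to confirm what the tool saw and what is left after its repairs. The script below is an added example written for this page; it is not Pre_Scan's own code or output. It targets an elevated PowerShell prompt on 64-bit Windows 7 (the logged host) and uses only built-in cmdlets that exist in PowerShell 2.0. The list of "core" binary names and the rule that an autostart target under Users\ or ProgramData deserves a second look are assumptions made for this example.

```powershell
# Added example, not Pre_Scan code: re-read the autostart locations reported in
# the log above on 64-bit Windows 7 from an elevated PowerShell prompt, and hash
# running processes that carry a core system binary name but live outside
# %SystemRoot%. The core-name list and the "user-writable" test are assumptions.

$nativeNT = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
$wow64NT  = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion'
$sysRoot  = $env:SystemRoot

function Get-FileMd5Hex {
    # Hex MD5 of a file, in the same form as the [MD5.xxxx] tags in the log.
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try { return ([System.BitConverter]::ToString($md5.ComputeHash($fs)) -replace '-', '') }
    finally { $fs.Close() }
}

function Resolve-LongPath {
    # Expands %VAR% and 8.3 names such as C:\PROGRA~3\... when the file exists, else $null.
    param([string]$Path)
    $item = Get-Item -LiteralPath ([Environment]::ExpandEnvironmentVariables($Path)) -ErrorAction SilentlyContinue
    if ($item) { return $item.FullName } else { return $null }
}

function Resolve-SystemImage {
    # Bare names in Winlogon values (userinit.exe, explorer.exe) are looked up in
    # System32 and then %SystemRoot%, which is where the loader finds them.
    param([string]$Name)
    if ([System.IO.Path]::IsPathRooted($Name)) { return Resolve-LongPath $Name }
    foreach ($dir in @("$sysRoot\system32", $sysRoot)) {
        $p = Resolve-LongPath (Join-Path $dir $Name)
        if ($p) { return $p }
    }
    return $null
}

function Test-UnderSystemRoot {
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path)) { return $false }
    return $Path.ToLower().StartsWith(($sysRoot + '\').ToLower())
}

function Test-UserWritable {
    # Assumption for this example: a missing target, or one under Users\ or
    # ProgramData, is worth a second look when it is an autostart target.
    param([string]$Path)
    if ([string]::IsNullOrEmpty($Path)) { return $true }
    $low = $Path.ToLower()
    return ($low.StartsWith(($env:SystemDrive + '\users\').ToLower()) -or $low.StartsWith(($env:ProgramData + '\').ToLower()))
}

Write-Host '== Winlogon Userinit / Shell (both registry views) =='
foreach ($base in @($nativeNT, $wow64NT)) {
    $wl = Get-ItemProperty -Path "$base\Winlogon" -ErrorAction SilentlyContinue
    if (-not $wl) { continue }
    foreach ($valueName in @('Userinit', 'Shell')) {
        # Userinit is a comma-separated list; every element should resolve under %SystemRoot%.
        foreach ($e in (([string]$wl.$valueName) -split ',')) {
            $entry = $e.Trim().Trim('"')
            if ($entry -eq '') { continue }
            $flag = if (Test-UnderSystemRoot (Resolve-SystemImage $entry)) { 'ok' } else { 'CHECK' }
            Write-Host ("[{0}] {1}\Winlogon\{2} : {3}" -f $flag, $base, $valueName, $entry)
        }
    }
}

Write-Host '== AppInit_DLLs (both registry views) =='
foreach ($base in @($nativeNT, $wow64NT)) {
    $w = Get-ItemProperty -Path "$base\Windows" -ErrorAction SilentlyContinue
    if (-not $w) { continue }
    $dlls = ([string]$w.AppInit_DLLs).Trim()
    if ($dlls -eq '') { Write-Host ("[ok] {0}\Windows : AppInit_DLLs empty" -f $base); continue }
    # With LoadAppInit_DLLs = 1 every process that loads user32.dll also loads
    # these DLLs, so a non-empty value is always resolved and hashed.
    foreach ($d in ($dlls -split '[ ,]' | Where-Object { $_ -ne '' })) {
        $long = Resolve-LongPath $d
        $hash = if ($long) { Get-FileMd5Hex $long } else { 'file missing' }
        Write-Host ("[CHECK] {0}\Windows : {1} -> {2} MD5={3} LoadAppInit_DLLs={4}" -f $base, $d, $long, $hash, $w.LoadAppInit_DLLs)
    }
}

Write-Host '== Image File Execution Options with a Debugger value =='
foreach ($base in @($nativeNT, $wow64NT)) {
    Get-ChildItem -Path "$base\Image File Execution Options" -ErrorAction SilentlyContinue | ForEach-Object {
        $dbg = (Get-ItemProperty -Path $_.PSPath -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { Write-Host ("[CHECK] {0} : Debugger = {1}" -f $_.PSChildName, $dbg) }
    }
}

Write-Host '== Scheduled task actions (System32\Tasks XML) =='
Get-ChildItem -Path "$sysRoot\System32\Tasks" -Recurse -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } | ForEach-Object {
        $file = $_
        try {
            [xml]$task = Get-Content -LiteralPath $file.FullName
            foreach ($exec in @($task.Task.Actions.Exec)) {
                if ($exec -eq $null) { continue }
                $cmd  = ([string]$exec.Command).Trim().Trim('"')
                $flag = if (Test-UserWritable (Resolve-LongPath $cmd)) { 'CHECK' } else { 'ok' }
                Write-Host ("[{0}] {1} : {2} {3}" -f $flag, $file.Name, $cmd, $exec.Arguments)
            }
        } catch { Write-Host ("[CHECK] {0} : not parseable as task XML" -f $file.FullName) }
    }

Write-Host '== Active hosts entries (a clean Windows 7 hosts file has only comments) =='
Get-Content -LiteralPath "$sysRoot\System32\drivers\etc\hosts" |
    Where-Object { $_ -match '^\s*[^#\s]' } | ForEach-Object { Write-Host ("[CHECK] {0}" -f $_.Trim()) }

Write-Host '== Processes with a core system name running outside %SystemRoot% =='
$coreNames = @('smss.exe', 'csrss.exe', 'wininit.exe', 'winlogon.exe', 'services.exe', 'lsass.exe',
               'lsm.exe', 'svchost.exe', 'explorer.exe', 'taskeng.exe', 'dwm.exe', 'wmiprvse.exe')
Get-WmiObject -Class Win32_Process | ForEach-Object {
    $img = $_.ExecutablePath
    if ($img -and ($coreNames -contains $_.Name) -and -not (Test-UnderSystemRoot $img)) {
        $company = (Get-Item -LiteralPath $img).VersionInfo.CompanyName
        Write-Host ("[CHECK] PID {0} {1} company='{2}' MD5={3}" -f $_.ProcessId, $img, $company, (Get-FileMd5Hex $img))
    }
}
```

Run it from an elevated prompt (`Set-ExecutionPolicy -Scope Process Bypass` first if scripts are blocked). On the host in this log it would list the AppInit entry C:\PROGRA~3\Wincert\WIN32C~1.DLL in both views, with its long path and hash if the file is still present, and the update-sys and update-S-1-5-21-... task files under System32\Tasks until they are removed; it would also flag C:\Users\Mareva\Downloads\winlogon.exe, which the process list above shows with the Pre_Scan author's vendor string and the tool's own version number, so the vendor string and MD5 printed by the check are what settle that entry rather than the file name. Lines marked CHECK are review items, not verdicts.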
¤¤¤¤¤¤¤¤¤¤ | Services Corrections
Repaired : [HKLM | Services\Iphlpsvc] : 4 -> 2
Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\SharedAccess] : 4 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer
Repaired : [HKU\S-1-5-21-626529243-327759216-3920316985-1000\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : http://www.google.com/ie -> http://www.google.com/
Repaired : [HKU\S-1-5-21-626529243-327759216-3920316985-1000\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/
Repaired : [HKU\S-1-5-21-626529243-327759216-3920316985-1000\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Repaired : [HKU\S-1-5-21-626529243-327759216-3920316985-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://www.google.com -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://packardbell.msn.com -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://packardbell.msn.com -> http://go.microsoft.com/fwlink/?LinkId=69157
¤
Repaired : [HKU\S-1-5-21-626529243-327759216-3920316985-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts
C:\Windows\System32\Drivers\etc\hosts : Cleaned

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVU\productInfoCache.db
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\dbghelp.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\msvcp100.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\msvcr100.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\pythoncom26.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\python26.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\pywintypes26.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\sqlite3.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\softokn3.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\js3250.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\smime3.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\nssckbi.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\ssl3.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\nspr4.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\nssutil3.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\nss3.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\xul.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\mozctl.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\plds4.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\xpcom.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\freebl3.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\nssdbm3.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\plc4.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\mozctlx.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\pixomatic.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\npfpbase_vc10.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\NPSWF32.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\CallStack.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\ParticleLib.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\nphwndproxy.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\audiere.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\boost_python.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\MemoryHook.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\cal3d.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\zero.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\SceneWindow.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\glRenderEngine.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\imvuflash.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\imvugecko.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\npimvu.dll
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\w9xpopen.exe
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\plugin-container.exe
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\WriteMiniDump.exe
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\devicefingerprint.exe
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\IMVUClient.exe
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\IMVUupdater.exe
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\Uninstall.exe
Moved to quarantine successfully : C:\Users\Mareva\AppData\Roaming\IMVUClient\IMVUClient.exe.manifest
Moved to quarantine successfully : C:\Users\Mareva\AppData\Local\Module\sqlite3.exe
Moved to quarantine successfully : C:\Users\Mareva\AppData\Local\Module\chrome.js
Moved to quarantine successfully : C:\Users\Mareva\AppData\Local\Module\firefox.js
Moved to quarantine successfully : C:\Users\Mareva\Downloads\setup_av_free.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\asc-setup.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\ccsetup308.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\ccsetup309.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\asc-setup (1).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\vlc-1.1.11-win32.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\Firefox Setup 6.0.1.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\PSISetup.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\install_flash_player_ax.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\AdbeRdr940_en_US.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\AdobeAIRInstaller.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\ccsetup311.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\ccsetup312.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\asc-setup(1).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\asc-setup(2).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\FacebookVideoCallSetup_v1.2.203.0.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\ccsetup314.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\asc-setup(3).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\ccsetup315.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\emule049c.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\eMuleSetup.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\eMuleSetup (1).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\eMuleSetup (2).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\IE9-Windows7-x64-enu.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\ccsetup316.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\chromeinstall-6u31.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\FlashPlayer_11.2.202.228_32-bit.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\FHSetup-1.039.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\AdbeRdr1013_en_US.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\jre-7u4-windows-x64.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\ccsetup318.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\air3-3_p2_win_041812.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\Firefox Setup 13.0b1.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\flashplayer11-3_p2_install_win_ax_041812.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\flashplayer11-3_p2_install_win_pi_041812.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\chrome_installer.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\DirtBike.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\ccsetup318(1).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\AdbeRdr1013_en_US(1).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\chrome_installer(1).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\UnityWebPlayer.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\microtorrent_torrent_3.1.3_build_27220_francais_18245.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\setup-lightshot-2.5.0.0.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\Support-LogMeInRescue.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\ccsetup319.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\install_flash_player_ax(1).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\install_flash_player.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\jre-7u5-windows-x64.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\wlsetup-web.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\chrome_installer(2).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\install_flash_player(1).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\ccsetup320.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\ccsetup321.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\asc-setup(4).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\ccsetup322.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\AdbeRdr1014_en_US.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\23.0.1271.10_chrome_installer.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\ccsetup323.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\24.0.1290.1_chrome_installer.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\tuto_googlechrome.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\tpc-59.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\chrome_installer (1).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\google-chrome_google_chrome_22_francais_257658.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\AdbeRdr11000_en_US.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\jre-7u9-windows-x64.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\24.0.1297.0_chrome_installer.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\flashplayer11-5_install_win_pi.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\SoftonicDownloader_pour_timeline-remove.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\ccsetup324.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\InstallIMVU_479.28_st_c.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\avast_free_antivirus_setup (1).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\ccsetup325.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\FHSetup.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\25.0.1349.2_chrome_installer.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\25.0.1349.2_chrome_installer (1).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\air3-5_win.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\aresregular219_installer (1).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\ccsetup326.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\ccsetup327.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\iLividSetup.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\asc-setup (2).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\ccsetup328.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\Shockwave_Installer_Slim.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\chromeinstall-7u17.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\chromeinstall-7u17 (1).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\chromeinstall-7u17 (2).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\avast_free_antivirus_setup.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\adwcleaner (1).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\adwcleaner.exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\adwcleaner (2).exe
Moved to quarantine successfully : C:\Users\Mareva\Downloads\winlogon.exe
Moved to quarantine successfully : C:\Windows\Tasks\update-sys.job
Moved to quarantine successfully : C:\Windows\System32\Tasks\\update-sys
Moved to quarantine successfully : C:\Windows\Tasks\update-S-1-5-21-626529243-327759216-3920316985-1000.job
Moved to quarantine successfully : C:\Windows\System32\Tasks\\update-S-1-5-21-626529243-327759216-3920316985-1000
Moved to quarantine successfully : C:\ProgramData\PKP_DLeo.DAT
Moved to quarantine successfully : C:\ProgramData\PKP_DLes.DAT
Moved to quarantine successfully : C:\ProgramData\PKP_DLet.DAT
Moved to quarantine successfully : C:\ProgramData\PKP_DLev.DAT
Moved to quarantine successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
Will be moved at reboot : C:\ProgramData\{CED89F1A-945F-46EC-B23C-5EAF6D2DB12A}
Moved to quarantine successfully : C:\Windows\assembly\tmp\
Moved to quarantine successfully : C:\Users\Mareva\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
Prefetch -> Emptied
Disinfected : C:\Users\All Users\Bureau\Boutique Accessoires PB.lnk : C:\Program Files (x86)\PB Accessory Store\StartUrl.exe (hxxp://store.packardbell.com/Store/ASFR?utm_source=Icons&utm_medium=Link&utm_campaign=PB%2BInternal)
Disinfected : C:\Users\All Users\Microsoft\Windows\Start Menu\Programs\Packard Bell - Security & Support\Contact.lnk : C:\Program Files (x86)\Internet Explorer\iexplore.exe (hxxp://go.packardbell.com/?id=9660)
Suspect : C:\Users\Mareva\AppData\Roaming\vlc\vlcrc
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\_socket.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\_sqlite3.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\unicodedata.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\_hashlib.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\_ctypes.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\_ssl.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\bz2.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\pyexpat.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\select.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\Crypto.Cipher.Blowfish.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\PIL._imaging.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\_imaging.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\win32com.shell.shell.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\_win32sysloader.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\win32process.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\win32evtlog.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\win32event.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\win32gui.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\win32api.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\win32file.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\win32clipboard.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\win32pipe.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\_pylzma.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\_audiere.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\_avatarwindow.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\_cal3d.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\_imvuflash.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\_imvugecko.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\_libzero.pyd
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\loadorder.py
Suspect : C:\Users\Mareva\AppData\Roaming\IMVUClient\imvuicon.icns
Suspect : C:\ProgramData\EnterNHelp\hxcs.xxc
Suspect : C:\ProgramData\EnterNHelp\hxcx.xxc
Suspect : C:\ProgramData\EnterNHelp\hxcz.xxc
Suspect : C:\ProgramData\EnterNHelp\hxcw.xxc
Suspect : C:\ProgramData\EnterNHelp\hxeg.xxb
Suspect : C:\ProgramData\EnterNHelp\hxdu.xxb
Suspect : C:\ProgramData\EnterNHelp\hxdv.xxb
Suspect : C:\ProgramData\EnterNHelp\hxdx.xxb
Suspect : C:\ProgramData\Ultima_T15\reg_configew.stn
Suspect : C:\ProgramData\Ultima_T15\reg_configek.stn
Suspect : C:\ProgramData\Ultima_T15\reg_configel.stn
Suspect : C:\ProgramData\Ultima_T15\reg_configen.stn
Suspect : C:\Windows\LMv4.UNI

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Program Files] : Hidden : 7 | Restored : 7
~ [Users] : Hidden : 2 | Restored : 2
~ [Pictures] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 3 | Restored : 3
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 113 | Restored : 111
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 20 | Restored : 20

¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)

¤¤¤¤¤¤¤¤¤¤
[HKLM64 | Winlogon]|[AutoRestartShell] : 1
End : 16:25:29
Pre_Scan_Protect.exe Stopped successfully !

¤¤¤¤¤¤¤¤¤¤ | Attempt to restart stopped
15:57:18 : SearchIndexer.exe
15:57:18 : SearchIndexer.exe
15:57:18 : wmpnetwk.exe
15:57:19 : SearchIndexer.exe
15:57:19 : wmpnetwk.exe
15:57:20 : LMS.exe
15:57:20 : WLIDSVC.EXE
15:57:41 : SearchIndexer.exe
15:57:41 : wmpnetwk.exe
15:57:49 : SearchIndexer.exe
15:57:49 : wmpnetwk.exe
15:58:10 : spoolsv.exe
15:59:11 : spoolsv.exe
15:59:11 : TrustedInstaller.exe
16:04:12 : TrustedInstaller.exe
16:04:13 : SearchIndexer.exe
16:08:08 : taskhost.exe
16:18:29 : SearchIndexer.exe
16:18:29 : SearchIndexer.exe

~ Thx to C_XX , Slyk for their help for the evolution of the tool

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 484