¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 3.0731 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 11:01:04
~ Update on 31/07/2013 | 10.10 by g3n-h@ckm@n
~ Evolution : http://www.security-helpzone.com/forum/Forum-Mises-%C3%A0-jour-Pre-Scan | http://www.sosvirus.net/changelogs-f229/
~ Pre_Script Infos : http://www.sosvirus.net/tutoriels/switchs-pre-script-t312.html | http://www.security-helpzone.com/forum/Thread-Les-Switches
~ Pre_scan Feedbacks : http://www.sosvirus.net/remontee-bug-feedback-f233/ | http://www.security-helpzone.com/forum/Forum-Feedbacks-Pre-Scan
~ [Florian (Administrator)] - [FLORIAN-PC]
~ SID = S-1-5-21-3978709308-2462950590-1045468227-1001
~ System : Windows 7 Professional (64 bits) Professional Service Pack 1
~ ProcessorNameString : Intel(R) Core(TM) i7-3517U CPU @ 1.90GHz
~ Identifier : Intel64 Family 6 Model 58 Stepping 9
~ Mémory RAM = Total (MB) : 4077 | Free (MB) : 1812
~ Pagefile = Total (MB) : 10190 | Free (MB) : 7798
~ Virtual = Total (MB) : 4194 | Free (MB) : 4028

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts
C:\Windows\Setup\Scripts\readme.txt
C:\Windows\Setup\Scripts\labelc2rdrive.exe
C:\Windows\Setup\Scripts\labelc2rdrive.exe.config
C:\Windows\Setup\Scripts\SetupComplete.cmd
C:\Windows\Setup\Scripts\oobe.cmd

¤¤¤¤¤¤¤¤¤¤ | Drives
c:\-> [Fixed] | [OS] | Total : 190780 Mo | Free : 64340 Mo -> NTFS
d:\-> [Fixed] | [DATA] | Total : 260230 Mo | Free : 150410 Mo -> NTFS

¤¤¤¤¤¤¤¤¤¤ | Windows Updates
No windows updates detected !!!

¤¤¤¤¤¤¤¤¤¤ | Sessions
~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\UpdatusUser
~ C:\Users\Florian

Impossible to create restorepoint !!!
Standby deleted !
¤¤¤¤¤¤¤¤¤¤ | stopped Processes (836) -- nvSCPAPISvr.exe (1644) -- AsLdrSrv.exe (1672) -- GFNEXSrv.exe (1680) -- wlanext.exe (1708) -- conhost.exe (1860) -- spoolsv.exe (1332) -- armsvc.exe (1712) -- AppleMobileDeviceService.exe (2084) -- InsOnSrv.exe (2212) -- devmonsrv.exe (2264) -- mDNSResponder.exe (2336) -- ProtectedObjectsSrv.exe (2416) -- DptfParticipantProcessorService.exe (2452) -- DptfPolicyConfigTDPService.exe (2484) -- EvtEng.exe (2528) -- ExpressCache.exe (2592) -- HeciServer.exe (2636) -- irstrtsv.exe (2688) -- Jhi_service.exe (2788) -- NitroPDFDriverService2x64.exe (2848) -- NLSSRV32.EXE (2912) -- oodag.exe (2376) -- RegSrvc.exe (3068) -- WLIDSVC.EXE (3136) -- ZeroConfigService.exe (3184) -- obexsrv.exe (3212) -- WLIDSVCM.EXE (4456) -- WUDFHost.exe (2056) -- BTHSAmpPalService.exe (4876) -- BTHSSecurityMgr.exe (4260) -- IAStorDataMgrSvc.exe (3760) -- IntelMeFWService.exe (1652) -- LMS.exe (744) -- SearchIndexer.exe (4012) -- UNS.exe (3580) -- HControl.exe (2292) -- InsOnWMI.exe (4820) -- taskeng.exe (4312) -- explorer.exe (2052) -- taskeng.exe (1736) -- BatteryLife.exe (5072) -- taskhost.exe (4760) -- sensorsrv.exe (5056) -- USBChargerPlus.exe (2464) -- wcourier.exe (2184) -- ADDEL.exe (3032) -- ATKOSD.exe (1844) -- KBFiltr.exe (4776) -- WDC.exe (4132) -- ATKOSD2.exe (700) -- RAVCpl64.exe (4656) -- BleServicesCtrl.exe (4608) -- rundll32.exe (2968) -- QuickGesture.exe (2064) -- AsusTPCenter.exe (3920) -- QuickGesture64.exe (3728) -- hkcmd.exe (664) -- igfxpers.exe (1000) -- sidebar.exe (4328) -- Dashlane.exe (2180) -- uTorrent.exe (5276) -- wmpnetwk.exe (5468) -- mediasrv.exe (5352) -- iusb3mon.exe (5356) -- ACMON.exe (3924) -- AsScrPro.exe (5744) -- ACEngSvr.exe (6132) -- DMedia.exe (5124) -- HControlUser.exe (4052) -- jusched.exe (4016) -- btplayerctrl.exe (5080) -- IAStorIcon.exe (1220) -- chrome.exe (5208) -- chrome.exe (5348) -- chrome.exe (5140) -- chrome.exe (3368) -- chrome.exe (1300) -- chrome.exe (6392) -- chrome.exe (6948) -- chrome.exe 
(6352) -- chrome.exe (6736) -- chrome.exe (5936) -- SearchProtocolHost.exe (7132) -- SearchFilterHost.exe ¤¤¤¤¤¤¤¤¤¤ | Running processes Boot : Normal [13/04/2013 15:48:07] - 504 | C:\Windows\System32\smss.exe (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.18113) -> \SystemRoot\System32\smss.exe [112640 Ko] [14/07/2009 01:19:49] - 800 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [7680 Ko] [14/07/2009 01:52:37] - 888 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) -> wininit.exe [129024 Ko] [14/07/2009 01:19:49] - 908 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [7680 Ko] [14/07/2009 01:19:46] - 952 | C:\Windows\system32\services.exe (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7600.16385) -> C:\Windows\system32\services.exe [328704 Ko] [24/02/2012 07:45:38] - 976 | C:\Windows\system32\lsass.exe (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.17725) -> C:\Windows\system32\lsass.exe [31232 Ko] [18/02/2011 22:09:48] - 984 | C:\Windows\system32\lsm.exe (.Microsoft Corporation - Service du gestionnaire de session locale.) 
- (6.1.7601.17514) -> C:\Windows\system32\lsm.exe [343040 Ko] [14/07/2009 01:31:13] - 820 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch [27136 Ko] [14/07/2009 01:31:13] - 1072 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS [27136 Ko] [14/07/2009 01:31:13] - 1144 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 Ko] [14/07/2009 01:31:13] - 1188 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [27136 Ko] [14/07/2009 01:31:13] - 1232 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService [27136 Ko] [14/07/2009 01:31:13] - 1280 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs [27136 Ko] [14/07/2009 01:31:13] - 1496 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkService [27136 Ko] [18/02/2011 22:10:05] - 1600 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.17514) -> winlogon.exe [390656 Ko] [14/07/2009 01:31:13] - 1928 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [27136 Ko] [14/07/2009 01:31:13] - 1960 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [27136 Ko] [14/07/2009 01:31:13] - 2304 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k bthsvcs [27136 Ko] [14/07/2009 01:47:12] - 3612 | C:\Windows\system32\wbem\unsecapp.exe (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) -> C:\Windows\system32\wbem\unsecapp.exe -Embedding [47104 Ko] [14/07/2009 01:31:13] - 4104 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [27136 Ko] [18/02/2011 22:09:54] - 4372 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\Windows\system32\wbem\wmiprvse.exe [372736 Ko] [14/07/2009 01:31:13] - 4124 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k HPService [27136 Ko] [14/07/2009 01:31:13] - 4756 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k secsvcs [27136 Ko] [14/07/2009 01:37:38] - 4856 | C:\Windows\system32\Dwm.exe (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) -> "C:\Windows\system32\Dwm.exe" [120320 Ko] [18/02/2011 22:09:55] - 2052 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Moteur du Planificateur de tâches.) 
- (6.1.7601.17514) -> taskeng.exe {58248799-0905-4393-BC09-B3B0208A4A13} [464384 Ko] [24/02/2012 08:42:16] - 6948 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (28.0.1500.72) -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\Florian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkjojgglmmcghgaiknnpgjgldgaocjfd\2.1.2.39075_0\npDashlane.dll" --lang=fr --channel="1220.8.217020048\2130896694" /prefetch:-390060480 [846288 Ko] [31/07/2013 10:55:41] - 6808 | C:\Users\Florian\Downloads\winlogon.exe (. - g3n-h@ckm@n.) - (3.0.7.31) -> "C:\Users\Florian\Downloads\winlogon.exe" [1363119 Ko] [21/04/2012 00:16:12] - 2572 | C:\Program Files\Intel\iCLS Client\HeciServer.exe (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.24.388.1) -> "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [635104 Ko] [23/09/2012 15:55:46] - 3796 | C:\Windows\explorer.exe (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17567) -> explorer.exe [2871808 Ko] [14/07/2009 01:57:20] - 3416 | C:\Windows\System32\rundll32.exe (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.1.7600.16385) -> C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding [45568 Ko] [23/04/2012 17:23:28] - 6876 | C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (.Intel(R) Corporation - Intel(R) BlueTooth(R) HS Security Manager Service.) - (15.2.0.8) -> "C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe" [135952 Ko] [24/02/2012 07:19:50] - 2020 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding [591872 Ko] [18/02/2011 22:10:17] - 6516 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) 
- (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1525248 Ko] [29/03/2011 07:11:06] - 6872 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [2292096 Ko] [12/12/2012 23:41:29] - 5180 | C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (.Intel Corporation - Local Manageability Service.) - (8.1.0.1252) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" [276864 Ko] [29/03/2011 07:11:06] - 3852 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) -> WLIDSvcM.exe 6872 [223104 Ko] [28/08/2012 14:04:30] - 5168 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe [559104 Ko] [15/03/2012 07:09:20] - 1000 | C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (.Intel Corporation - Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter.) - (15.2.0.2) -> "C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe" [659976 Ko] [21/12/2012 16:27:46] - 7060 | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (.Apple Inc. - MobileDeviceService.) - (17.96.2.2) -> "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [57008 Ko] [18/02/2011 22:09:54] - 6464 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\Windows\system32\wbem\wmiprvse.exe [372736 Ko] ¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK ! 
¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine Repaired : [HKLM | Winlogon]|[userinit] : userinit.exe -> C:\Windows\SysWOW64\userinit.exe, Repaired : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]|[userinit] : C:\Windows\SysWOW64\userinit.exe, -> C:\Windows\System32\userinit.exe, ¤¤¤¤¤¤¤¤¤¤ | Associations Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe -> C:\Windows\Explorer.exe ¤ Repaired : [HKLM\Software\Clients\StartMenuInternet\Firefox.exe\shell\open\command] : C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe" Repaired : [HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command] : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -> "C:\Users\Florian\AppData\Local\Google\Chrome\Application\Chrome.exe" ¤¤¤¤¤¤¤¤¤¤ | Registry Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0 Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0 Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0 Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0 Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0 Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0 Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0 Repaired : 
[HKLM\software\Microsoft\Windows\CurrentVersion\policies\Explorer]|[NoDriveTypeAutoRun] : 28 -> 145 Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoActiveDesktop] : 1 -> 0 Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoActiveDesktopChanges] : 1 -> 0 Repaired : [HKU\S-1-5-21-3978709308-2462950590-1045468227-1001\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 1 -> 0 Repaired : [HKU\S-1-5-21-3978709308-2462950590-1045468227-1001\software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel]|[AllItemsIconView] : 0 -> 1 ¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair Safeboot Keys are O.K Alternate shell is OK ! ¤ Safeboot Minimal Subkeys : O.K ! ¤ Safeboot Network Subkeys : O.K ! ¤¤¤¤¤¤¤¤¤¤ | IFEO : OK ! ¤¤¤¤¤¤¤¤¤¤ | Mountpoints2 : OK ! ¤¤¤¤¤¤¤¤¤¤ | Windows [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon Winsrv : OK ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : C:\Windows\SysWOW64\nvinit.dll,C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1 [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : C:\Windows\SysWOW64\nvinit.dll,C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1 ¤¤¤¤¤¤¤¤¤¤ | Security Center : OK ! 
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]|[DisableMonitoring] : 1 ¤¤¤¤¤¤¤¤¤¤ | Services Corrections Repaired : [HKLM | Services\NVSvc] : 4 -> 2 Repaired : [HKLM | Services\Iphlpsvc] : 4 -> 2 Repaired : [HKLM | Services\agp440] : 3 -> 2 Repaired : [HKLM | Services\EapHost] : 3 -> 2 Repaired : [HKLM | Services\SharedAccess] : 3 -> 2 Repaired : [HKLM | Services\winmgmt] : 3 -> 2 Repaired : [HKLM | Services\wudfsvc] : 3 -> 2 Repaired : [HKLM | Services\WerSvc] : 3 -> 2 ¤¤¤¤¤¤¤¤¤¤ | Internet Explorer Repaired : [HKU\S-1-5-21-3978709308-2462950590-1045468227-1001\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.fr/ -> http://www.google.com/ Repaired : [HKU\S-1-5-21-3978709308-2462950590-1045468227-1001\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm Repaired : [HKU\S-1-5-21-3978709308-2462950590-1045468227-1001\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157 ¤ Repaired : [HKU\S-1-5-21-3978709308-2462950590-1045468227-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[ProxyOverride] : *.local; -> *.local Repaired : [HKU\S-1-5-21-3978709308-2462950590-1045468227-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1 ¤¤¤¤¤¤¤¤¤¤ | Hosts Impossible to Clean "hosts" !! 
¤¤¤¤¤¤¤¤¤¤ | reparsepoint ¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry Moved to quarantine successfully : C:\Users\Florian\AppData\Roaming\Dashlane\Dashlane.exe Moved to quarantine successfully : C:\Users\Florian\AppData\Roaming\sp_data.sys Moved to quarantine successfully : C:\Users\Florian\Downloads\tinyumbrella-6.10.02a.exe Moved to quarantine successfully : C:\Users\Florian\Downloads\spybotsd13.exe Moved to quarantine successfully : C:\Users\Florian\Downloads\winlogon.exe Moved to quarantine successfully : C:\Users\Florian\AppData\my_intel.sys Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{D0809973-9245-412B-89D6-391E4CF4EC6C} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{DDBC5611-4A58-4781-8F34-81122FEB7A6A} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{3B87FD86-A2F5-4A24-B46F-618FF335050C} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{3CA66DBE-61DE-4F92-8C4E-038B21B8E1BA} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{518B7E58-EF13-4334-9F5C-E9A2C1EDFAD8} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{124AAD26-90DE-4D32-A273-CA5C7178B2F9} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{6B28A683-C43C-4BC4-BF7A-1121A56CC41B} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{698314C1-E8DD-440B-B59E-AA79E6822718} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{200674FE-EAE2-4314-A5B5-AF7C4D43B404} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{80CF3CB7-FCDA-462C-BF64-2AA3675ED1FD} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{FD411B27-51E0-4076-99F5-984BF1B03E7D} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{EC0CB508-F549-4F5F-AF62-3CF590A41A66} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{FC48AAF5-B475-4752-BE29-AED8DCD7059C} Moved to quarantine successfully : 
C:\Users\Florian\AppData\Local\{696EB7BD-F0AC-46A0-A967-1F8257F59C1D} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{50EB5AE5-FB21-4D72-B62B-6E50952ED951} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{B9F65AF2-6870-4972-AC5B-56417AC87AEA} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{01924FF5-4E50-4174-8AB0-EB1ED0EEAE02} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{E7232C98-704A-401E-BC22-D54AD6BC1DD9} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{79212CF3-6FEC-4E8F-8124-15BDD41C57BD} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{4A29FBD5-B396-4546-A864-1E711922CFF3} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{0965FD54-9C01-4862-B2F6-763B6880AD21} Moved to quarantine successfully : C:\Users\Florian\AppData\Local\{285CEF1C-8DA6-4CAB-A163-96D3BBA83EA8} Moved to quarantine successfully : C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3978709308-2462950590-1045468227-1001UA.job Moved to quarantine successfully : C:\Windows\System32\Tasks\\FacebookUpdateTaskUserS-1-5-21-3978709308-2462950590-1045468227-1001UA Moved to quarantine successfully : C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3978709308-2462950590-1045468227-1001Core.job Moved to quarantine successfully : C:\Windows\System32\Tasks\\FacebookUpdateTaskUserS-1-5-21-3978709308-2462950590-1045468227-1001Core Moved to quarantine successfully : C:\Windows\Tasks\NUAutoUpdate.job Moved to quarantine successfully : C:\Windows\System32\Tasks\\NUAutoUpdate Deleted : [HKU\S-1-5-21-3978709308-2462950590-1045468227-1001\Software\Microsoft\Windows\CurrentVersion\Run]|[Dashlane] : "C:\Users\Florian\AppData\Roaming\Dashlane\Dashlane.exe" autoLaunchAtStartup Moved to quarantine successfully : C:\ProgramData\FullRemove.exe Moved to quarantine successfully : C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 Moved to quarantine successfully : C:\ProgramData\ma-config.com Moved 
to quarantine successfully : C:\ProgramData\regid.1986-12.com.adobe Moved to quarantine successfully : C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log Moved to quarantine successfully : C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log Will be moved at reboot : C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} Moved to quarantine successfully : C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log Moved to quarantine successfully : C:\Windows\assembly\tmp\ Moved to quarantine successfully : C:\Users\Florian\AppData\LocalLow\Sun\Java\Deployment\cache\ Prefetch -> Emptied
C:\ProgramData\SecTaskMan\icm_90663BC66A3EC6443A1C7CE113D1B2C9 Suspect : C:\ProgramData\SecTaskMan\icm_9066B02879C4B2A36B4475B3600A0FCC Suspect : C:\ProgramData\SecTaskMan\icm_90F929EC35830814DB090367B4FF1763 Suspect : C:\ProgramData\SecTaskMan\icm_91785D291CBB3CC40AB8659C8E48CCC2 Suspect : C:\ProgramData\SecTaskMan\icm_92B4C4A0D9A501941AC39B025D577844 Suspect : C:\ProgramData\SecTaskMan\icm_933F38D4C5A512B4F83DD504B789E127 Suspect : C:\ProgramData\SecTaskMan\icm_93BAD29AC2E44034A96BCB446EB8552E Suspect : C:\ProgramData\SecTaskMan\icm_9500CD411F0026F4DBA1BA32DC159AE5 Suspect : C:\ProgramData\SecTaskMan\icm_95E2BFBBBD0B8C24F8D4FCE458746176 Suspect : C:\ProgramData\SecTaskMan\icm_96791936A5568A84DAC6934B176F38DE Suspect : C:\ProgramData\SecTaskMan\icm_96EA0798EB0485049961A0BCB179A4D3 Suspect : C:\ProgramData\SecTaskMan\icm_98A8935CC615FAD4AB70EE979490E065 Suspect : C:\ProgramData\SecTaskMan\icm_99EA28A13D48D684AB6D76952806E341 Suspect : C:\ProgramData\SecTaskMan\icm_9C15DDF9AA7FFA044AFF50004EE5A460 Suspect : C:\ProgramData\SecTaskMan\icm_9C861A450522850408BEF1A4142945A8 Suspect : C:\ProgramData\SecTaskMan\icm_9C8928403D4AB094F99FBA20A329833F Suspect : C:\ProgramData\SecTaskMan\icm_9D4227BCACD61F34F838B6E1930AF029 Suspect : C:\ProgramData\SecTaskMan\icm_9E2A16BA3D73D584095891BFFDC8FEA4 Suspect : C:\ProgramData\SecTaskMan\icm_9F114A485A04ADC4FB640EF9BBB23C31 Suspect : C:\ProgramData\SecTaskMan\icm_9FC52F6D78E4BE343B421CB29EDC6D86 Suspect : C:\ProgramData\SecTaskMan\icm_A09B10FAC52D06F4EADCE6DE5F90CD11 Suspect : C:\ProgramData\SecTaskMan\icm_A0F6785D9E2B67349B5FDC747B8B8D02 Suspect : C:\ProgramData\SecTaskMan\icm_A46095A19A21F964996F40FB11D8CBFF Suspect : C:\ProgramData\SecTaskMan\icm_A563885D93EA72F4DBEA4B7EC2E809C0 Suspect : C:\ProgramData\SecTaskMan\icm_A57765D93F393A44082948E08362ED03 Suspect : C:\ProgramData\SecTaskMan\icm_A638F7D3F1EA6AF4D89BF40E6679BAA0 Suspect : C:\ProgramData\SecTaskMan\icm_A6C64DD86500CEF47BA082BB611A1FF1 Suspect : 
C:\ProgramData\SecTaskMan\icm_A74D82B40FF58F54785411CDA2C1D9F0 Suspect : C:\ProgramData\SecTaskMan\icm_A79EF87A8C0CEC94980DDE5D421A3729 Suspect : C:\ProgramData\SecTaskMan\icm_A7E677E33C4F98A4E8DA35E527C23879 Suspect : C:\ProgramData\SecTaskMan\icm_A889D6FD0AEE7724AA8B51E880E634B9 Suspect : C:\ProgramData\SecTaskMan\icm_AA03B81ED2E6C0849B81FA1600F90401 Suspect : C:\ProgramData\SecTaskMan\icm_AB222EC36A6681D4EB9ED5125C97C8E3 Suspect : C:\ProgramData\SecTaskMan\icm_AD29A9B3473627846B6452F38126D4F5 Suspect : C:\ProgramData\SecTaskMan\icm_AEA7747775758D74B83339F9348D2281 Suspect : C:\ProgramData\SecTaskMan\icm_AF41F06E411E52F4EA0E33EFE99C1B3C Suspect : C:\ProgramData\SecTaskMan\icm_AFD7C4D9BBBC60F4DBCA498D1304D60F Suspect : C:\ProgramData\SecTaskMan\icm_B0CE0DAFB35779A4DA4323CAE18CBD96 Suspect : C:\ProgramData\SecTaskMan\icm_B2A5733580EF6B24E88B6118C82DB7C2 Suspect : C:\ProgramData\SecTaskMan\icm_B476F94747628E7478C965620AB6A219 Suspect : C:\ProgramData\SecTaskMan\icm_B53C70A248384AD4A95944B2C6980A37 Suspect : C:\ProgramData\SecTaskMan\icm_B5DEF536D6C2EB94786EA7F6DC22CBA5 Suspect : C:\ProgramData\SecTaskMan\icm_B6ACDB9A3563B764CA384963D73AFB3E Suspect : C:\ProgramData\SecTaskMan\icm_B850D529A465A3444B2BE7096C34E255 Suspect : C:\ProgramData\SecTaskMan\icm_B99EBFCA189631541BE72A86C3BEE95E Suspect : C:\ProgramData\SecTaskMan\icm_BC67EDCFD98923E47993A672D2B2E07D Suspect : C:\ProgramData\SecTaskMan\icm_BDEA94DC4BFFA9A43A2C9EFA18F46EEF Suspect : C:\ProgramData\SecTaskMan\icm_BF33AE91E43BAE04B8A81647A3BE97A5 Suspect : C:\ProgramData\SecTaskMan\icm_BF4DC2E5835413841867506D353C6E4D Suspect : C:\ProgramData\SecTaskMan\icm_BFF8CCA148D950C44AED2DA8B99C6189 Suspect : C:\ProgramData\SecTaskMan\icm_C010B7DCE7036A7458C60D950F1D7FC2 Suspect : C:\ProgramData\SecTaskMan\icm_C160DFBC72B498A4DA8D123061EEAF11 Suspect : C:\ProgramData\SecTaskMan\icm_c1c4f01781cc94c4c8fb1542c0981a2a Suspect : C:\ProgramData\SecTaskMan\icm_C28643E881181F13CBC489DC69571E2C Suspect : 
C:\ProgramData\SecTaskMan\icm_C3393AAFD0F605346BB6D9F7071343E3 Suspect : C:\ProgramData\SecTaskMan\icm_C3CDFBC612FC20C46ACD5A2A07F7FA55 Suspect : C:\ProgramData\SecTaskMan\icm_C42CF3A20CE691545AB2DF4AAEB9D242 Suspect : C:\ProgramData\SecTaskMan\icm_C48DFB04DC46CC24999078435C40926C Suspect : C:\ProgramData\SecTaskMan\icm_C55EC23CAB21159478799076DFFE55F6 Suspect : C:\ProgramData\SecTaskMan\icm_C5FA039D3915616488D79B47ECCF9407 Suspect : C:\ProgramData\SecTaskMan\icm_C7937558D24AF684793B2ABC2C735239 Suspect : C:\ProgramData\SecTaskMan\icm_C7BCDCEDCC85568419FA26F77989EF84 Suspect : C:\ProgramData\SecTaskMan\icm_C81D311B0B767BF43B928EB96691A46E Suspect : C:\ProgramData\SecTaskMan\icm_CC60E4C240F152C4B8C3399A40E94CC2 Suspect : C:\ProgramData\SecTaskMan\icm_CC973E50626FD7E438456483563B30FB Suspect : C:\ProgramData\SecTaskMan\icm_CDBD1AB11345DF646AF61AE71B4C93EE Suspect : C:\ProgramData\SecTaskMan\icm_CDCBA4A694A0231449E410BFCC3B64C5 Suspect : C:\ProgramData\SecTaskMan\icm_CF454FAAAC2892F4BA13A60149587EE6 Suspect : C:\ProgramData\SecTaskMan\icm_CFE4A58E2F28EEC4A8E826DFDA53A366 Suspect : C:\ProgramData\SecTaskMan\icm_D0AC3A29DC55D5C4AB59C562002CF062 Suspect : C:\ProgramData\SecTaskMan\icm_D20352A90C039D93DBF6126ECE614057 Suspect : C:\ProgramData\SecTaskMan\icm_D51CF92CB48ECEE45850D4DE4914C495 Suspect : C:\ProgramData\SecTaskMan\icm_D5BEE45EDE14EF044B8A5856BD1864B9 Suspect : C:\ProgramData\SecTaskMan\icm_D724708686D803D4FAB5B0838F9F848C Suspect : C:\ProgramData\SecTaskMan\icm_D7314F9862C648A4DB8BE2A5B47BE100 Suspect : C:\ProgramData\SecTaskMan\icm_D791992DAEDC6A143A365F23ED1441DF Suspect : C:\ProgramData\SecTaskMan\icm_D8E6EAF9686E5F945A47A085FD9D85C0 Suspect : C:\ProgramData\SecTaskMan\icm_DA84FEAD8C9839A41BDD547B4EBF0617 Suspect : C:\ProgramData\SecTaskMan\icm_DB885BE8893D0D04DA7FEBC1EE7F1C61 Suspect : C:\ProgramData\SecTaskMan\icm_DB91810EF9071A346900F6E5C485C473 Suspect : C:\ProgramData\SecTaskMan\icm_DBDB1253354DF9D5AA55447BD5126492 Suspect : 
C:\ProgramData\SecTaskMan\icm_DDA39468D428E8B4DB27C8D5DC5CA217 Suspect : C:\ProgramData\SecTaskMan\icm_DEA4EFDAE8F78564D8E647B2519B1F02 Suspect : C:\ProgramData\SecTaskMan\icm_DF99F8ED7CF289C4AA767292DF1E0F04 Suspect : C:\ProgramData\SecTaskMan\icm_DFA4044F3FE21C04C890925E3F6B79B2 Suspect : C:\ProgramData\SecTaskMan\icm_DFC90B5F2B0FFA63D84FD16F6BF37C4B Suspect : C:\ProgramData\SecTaskMan\icm_E08F45ADC1622A148A5545A941F4F295 Suspect : C:\ProgramData\SecTaskMan\icm_E19212F84440D1B49B9F34077AE343D6 Suspect : C:\ProgramData\SecTaskMan\icm_E339C5BAD7C503D43B41C9384AB949EB Suspect : C:\ProgramData\SecTaskMan\icm_E5CD0C84A0282F4498E0926BE8DDC387 Suspect : C:\ProgramData\SecTaskMan\icm_E807A14A6EB3165458D54420C7C10F8F Suspect : C:\ProgramData\SecTaskMan\icm_E873E3303DA65DA4DBBEBC6DB91340C6 Suspect : C:\ProgramData\SecTaskMan\icm_E888F0737A241194E943D74736E271BE Suspect : C:\ProgramData\SecTaskMan\icm_E97A59ECCF4EFFF4A857920FB449F22F Suspect : C:\ProgramData\SecTaskMan\icm_EB1ED226EDE93D943B94926D740643A2 Suspect : C:\ProgramData\SecTaskMan\icm_EC8EBD876F16C6D408C60AFF6FF5E5D1 Suspect : C:\ProgramData\SecTaskMan\icm_ECF99F7130F8934468A0525C5A34E481 Suspect : C:\ProgramData\SecTaskMan\icm_EDEED656CA6FAC745A861A4B3EB47506 Suspect : C:\ProgramData\SecTaskMan\icm_EE08493033965484888B77DFC0D350D9 Suspect : C:\ProgramData\SecTaskMan\icm_EEDB8CDDCACDD4042875E3D8B4874276 Suspect : C:\ProgramData\SecTaskMan\icm_EFEE0228DC83E77358593193D847A0EC Suspect : C:\ProgramData\SecTaskMan\icm_F057DDF27B941C04D9E52D59B50C2E8D Suspect : C:\ProgramData\SecTaskMan\icm_F0E19FED662DD3546B2FB10A204BC06B Suspect : C:\ProgramData\SecTaskMan\icm_F12DB8CE0AC0FBB4799DA4253B00141A Suspect : C:\ProgramData\SecTaskMan\icm_F132F0B0A6ECD384AA32773B467F9571 Suspect : C:\ProgramData\SecTaskMan\icm_F1983FF85B1017A4FBDC0267810974C1 Suspect : C:\ProgramData\SecTaskMan\icm_F1B706FFB87AD1F4CBE8C6A23B7B4550 Suspect : C:\ProgramData\SecTaskMan\icm_F1F913432FC79CC43B75A17E2DFFA35C Suspect : 
C:\ProgramData\SecTaskMan\icm_F3D7C5283B0D5D944AB2BC0BBF8EE599
Suspect : C:\ProgramData\SecTaskMan\icm_F44C9190A81FB3E47A7330862527EC27
Suspect : C:\ProgramData\SecTaskMan\icm_F4E3B286A696ED244AC1C470AE61874B
Suspect : C:\ProgramData\SecTaskMan\icm_F60730A4A66673047777F5728467D401
Suspect : C:\ProgramData\SecTaskMan\icm_F9A84C6AA49643243BAA2695B0669872
Suspect : C:\ProgramData\SecTaskMan\icm_F9B7C1D7447288341B82C5578BCBCC48
Suspect : C:\ProgramData\SecTaskMan\icm_FB3C816B2415036418DD9F86469FC7E7
Suspect : C:\ProgramData\SecTaskMan\icm_FB55063BE0F5BAE408D42930FD3BA4CD
Suspect : C:\ProgramData\SecTaskMan\icm_FB9326B958E40954D827153ED01B9AAA
Suspect : C:\ProgramData\SecTaskMan\icm_EEDB402784A159D49A46449A52B034E9
Suspect : C:\ProgramData\SecTaskMan\_sbhookBAB60
Suspect : C:\ProgramData\SecTaskMan\_nvSCPAPISvr5814D76D
Suspect : C:\ProgramData\SecTaskMan\_ssv1CD59A7
Suspect : C:\ProgramData\SecTaskMan\_WindowsLiveLogin9096BB86
Suspect : C:\ProgramData\SecTaskMan\_GROOVEEX399BA6DF
Suspect : C:\ProgramData\SecTaskMan\icm_12350vi2
Suspect : C:\ProgramData\SecTaskMan\icm_12342rg
Suspect : C:\ProgramData\Kaspersky Lab\KTS.9.1.0.124b_04.07_13.11_2244.SRV.tiny.dmp
Suspect : C:\ProgramData\Kaspersky Lab\KTS.9.1.0.124b_04.07_13.11_2244.SRV.mini.dmp
Suspect : C:\ProgramData\Kaspersky Lab\KTS.9.1.0.124b_04.07_13.11_2244.SRV.full.dmp
Suspect : C:\ProgramData\Kaspersky Lab\KTS.9.1.0.124b_04.15_22.50_2340.SRV.tiny.dmp
Suspect : C:\ProgramData\Kaspersky Lab\KTS.9.1.0.124b_04.15_22.50_2340.SRV.mini.dmp
Suspect : C:\ProgramData\Kaspersky Lab\KTS.9.1.0.124b_04.15_22.50_2340.SRV.full.dmp
Suspect : C:\ProgramData\Kaspersky Lab\KTS.9.1.0.124b_04.17_19.20_2268.SRV.tiny.dmp
Suspect : C:\ProgramData\Kaspersky Lab\KTS.9.1.0.124b_04.17_19.20_2268.SRV.mini.dmp
Suspect : C:\ProgramData\Kaspersky Lab\KTS.9.1.0.124b_04.17_19.20_2268.SRV.full.dmp
Suspect : C:\ProgramData\Kaspersky Lab\KTS.9.1.0.124b_05.22_11.45_2476.SRV.tiny.dmp
Suspect : C:\ProgramData\Kaspersky Lab\KTS.9.1.0.124b_05.22_11.45_2476.SRV.mini.dmp
Suspect : C:\ProgramData\Kaspersky Lab\KTS.9.1.0.124b_05.22_11.45_2476.SRV.full.dmp
Suspect : C:\ProgramData\Kaspersky Lab\KTS.9.1.0.124b_05.24_17.31_2344.SRV.tiny.dmp
Suspect : C:\ProgramData\Kaspersky Lab\KTS.9.1.0.124b_05.24_17.31_2344.SRV.mini.dmp
Suspect : C:\ProgramData\Kaspersky Lab\KTS.9.1.0.124b_05.24_17.31_2344.SRV.full.dmp
Suspect : C:\ProgramData\Kaspersky Lab\KTS.9.1.0.124b_05.25_21.26_2336.SRV.tiny.dmp
Suspect : C:\ProgramData\Kaspersky Lab\KTS.9.1.0.124b_05.25_21.26_2336.SRV.mini.dmp
Suspect : C:\ProgramData\Kaspersky Lab\KTS.9.1.0.124b_05.25_21.26_2336.SRV.full.dmp
Suspect : C:\Users\Florian\AppData\Local\libimobiledevice\HostPrivateKey.pem
Suspect : C:\Users\Florian\AppData\Local\libimobiledevice\RootPrivateKey.pem
Suspect : C:\Users\Florian\AppData\Local\libimobiledevice\HostCertificate.pem
Suspect : C:\Users\Florian\AppData\Local\libimobiledevice\RootCertificate.pem
Suspect : C:\Users\Florian\AppData\Local\libimobiledevice\a930c4ef4727ff7163e2248693df93ab21ab6f1f.pem
Suspect : C:\Users\Florian\AppData\Local\libimobiledevice\libimobiledevicerc

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive D:] : Hidden : 66 | Restored : 65
~ [Program Files] : Hidden : 4 | Restored : 4
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 3 | Restored : 3
~ [Desktop] : Hidden : 95 | Restored : 95
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 96 | Restored : 96
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 16 | Restored : 16

¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)

¤¤¤¤¤¤¤¤¤¤
[HKLM64 | Winlogon]|[AutoRestartShell] : 1

End : 11:48:49
Standby Restored !

¤¤¤¤¤¤¤¤¤¤ | Attempt to restart stopped

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 703