¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 3.0326 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 04:59:47 ~ Update on 26/03/2013 | 01.00 by g3n-h@ckm@n ~ Evolution : http://gen-hackman.forum-pro.fr/t64-historique-de-l-outil ~ Pre_Script Infos : http://sosvirus.org/viewtopic.php?f=228&t=312 ~ Pre_scan Feedbacks : http://sosvirus.org/viewforum.php?f=233 ~ [Guilliane (Administrator)] - [GUILLIANE-PC] ~ SID = S-1-5-21-3162039256-3928551421-1867649913-1000 ~ System : Windows 7 Starter (32 bits) Starter Service Pack 1 Computer : AOHAPPY2 | Bios Version : V1.10 | Bios Release : 07/27/2011 ~ ProcessorNameString : Intel(R) Atom(TM) CPU N570 @ 1.66GHz ~ Identifier : x86 Family 6 Model 28 Stepping 10 Computer : AOHAPPY2 - | Bios Version : V1.10 - | Bios Release : 07/27/2011 ~ Mémory RAM = Total (KB) : 1036150 | Used (%) : 50 | Free (KB) : 510050 ~ Pagefile = Total (KB) : 2084730 | Free (KB) : 1467010 ~ Virtual = Total (KB) : 2097020 | Free (KB) : 1985560 ¤¤¤¤¤¤¤¤¤¤ | Boot's scripts C:\Windows\Setup\Scripts\SetupComplete.cmd C:\Windows\Setup\Scripts\OOBE.CMD ¤¤¤¤¤¤¤¤¤¤ | Drives c:\ -> [Fixed] | [Acer] | Total : 287630 Mo | Free : 96130 Mo -> NTFS d:\ -> [Fixed] | [] | Total : 4200 Mo | Free : 2660 Mo -> FAT32 ¤¤¤¤¤¤¤¤¤¤ | Windows Updates Last(s) détection(s) : 2013-03-25 22:30:58 Last(s) download(s) : 2013-03-24 22:42:59 Last(s) installation(s) : 2013-03-23 19:03:49 Next search : 2013-03-26 17:04:33 ¤¤¤¤¤¤¤¤¤¤ | Sessions ~ C:\Windows\system32\config\systemprofile ~ C:\Windows\ServiceProfiles\LocalService ~ C:\Windows\ServiceProfiles\NetworkService ~ C:\Users\Guilliane ~ C:\Users\Invité New restorepoint created ¤¤¤¤¤¤¤¤¤¤ | stopped Processes (1624) -- wlanext.exe (1632) -- conhost.exe (1728) -- spoolsv.exe (1856) -- armsvc.exe (1920) -- avgwdsvc.exe (1948) -- BBSvc.EXE (1992) -- ePowerSvc.exe (2028) -- GREGsvc.exe (120) -- RIconMan.exe (412) -- UpdaterService.exe (1324) -- RS_Service.exe (2216) -- sftvsa.exe (2240) -- c2c_service.exe (2316) -- TuneUpUtilitiesService32.exe (2376) -- ToolbarUpdater.exe (2416) -- WajamUpdater.exe (2452) -- WLIDSVC.EXE (2508) -- sftlist.exe (2596) -- WLIDSVCM.EXE (2944) -- taskhost.exe (2968) -- taskeng.exe (3172) -- explorer.exe (3436) -- RtHDVCpl.exe (3456) -- igfxtray.exe (3468) -- hkcmd.exe (3516) -- igfxsrvc.exe (3588) -- igfxpers.exe (3612) -- LManager.exe (3640) -- SynTPEnh.exe (3660) -- CVHSVC.EXE (3708) -- ePowerTray.exe (3776) -- SynTPHelper.exe (12) -- vprot.exe (2832) -- avgui.exe (3344) -- cltmng.exe (4280) -- igfxext.exe (4568) -- ePowerEvent.exe (5016) -- Skype.exe (5408) -- SearchIndexer.exe (5696) -- taskeng.exe (5748) -- AdobeARM.exe (812) -- msiexec.exe (6124) -- IAStorDataMgrSvc.exe (4124) -- sppsvc.exe (4456) -- chrome.exe (6040) -- wuauclt.exe ¤¤¤¤¤¤¤¤¤¤ | Running processes Boot : Normal [MD5.16742790895960690237A5143CEDEC8B] - [14/07/2009 00:11:12] - 328 | C:\Windows\System32\smss.exe (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7600.16385) -> \SystemRoot\System32\smss.exe [69632 Ko] [MD5.342271F6142E7C70805B8A81E1BA5F5C] - [14/07/2009 00:11:09] - 760 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [6144 Ko] [MD5.B5C5DCAD3899512020D135600129D665] - [14/07/2009 00:36:49] - 800 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) -> wininit.exe [96256 Ko] [MD5.342271F6142E7C70805B8A81E1BA5F5C] - [14/07/2009 00:11:09] - 808 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [6144 Ko] [MD5.0EC2851EF424B42DA1A5019ED493DB85] - [14/07/2009 00:11:26] - 856 | C:\Windows\system32\services.exe (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7600.16385) -> C:\Windows\system32\services.exe [259072 Ko] [MD5.81951F51E318AECC2D68559E47485CC4] - [15/01/2012 10:40:52] - 868 | C:\Windows\system32\lsass.exe (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.17725) -> C:\Windows\system32\lsass.exe [22528 Ko] [MD5.AFCA922DF5E09A68098CB4233D3661DC] - [20/11/2010 22:29:11] - 876 | C:\Windows\system32\lsm.exe (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) -> C:\Windows\system32\lsm.exe [267776 Ko] [MD5.A534DA58EFE1EA894B4C917AB5944BCF] - [20/11/2010 22:29:06] - 964 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.17514) -> winlogon.exe [286720 Ko] [MD5.54A47F6B5E09A77E61649109C6A08866] - [14/07/2009 00:19:28] - 1036 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch [20992 Ko] [MD5.54A47F6B5E09A77E61649109C6A08866] - [14/07/2009 00:19:28] - 1116 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS [20992 Ko] [MD5.54A47F6B5E09A77E61649109C6A08866] - [14/07/2009 00:19:28] - 1204 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 Ko] [MD5.54A47F6B5E09A77E61649109C6A08866] - [14/07/2009 00:19:28] - 1244 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [20992 Ko] [MD5.54A47F6B5E09A77E61649109C6A08866] - [14/07/2009 00:19:28] - 1288 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService [20992 Ko] [MD5.54A47F6B5E09A77E61649109C6A08866] - [14/07/2009 00:19:28] - 1328 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs [20992 Ko] [MD5.54A47F6B5E09A77E61649109C6A08866] - [14/07/2009 00:19:28] - 1416 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k GPSvcGroup [20992 Ko] [MD5.54A47F6B5E09A77E61649109C6A08866] - [14/07/2009 00:19:28] - 1512 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkService [20992 Ko] [MD5.54A47F6B5E09A77E61649109C6A08866] - [14/07/2009 00:19:28] - 1768 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [20992 Ko] [MD5.505BF4D1CADEB8D4F8BCD08D944DE25D] - [14/07/2009 00:24:23] - 3100 | C:\Windows\system32\Dwm.exe (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) -> "C:\Windows\system32\Dwm.exe" [92672 Ko] [MD5.54A47F6B5E09A77E61649109C6A08866] - [14/07/2009 00:19:28] - 3880 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [20992 Ko] [MD5.54A47F6B5E09A77E61649109C6A08866] - [14/07/2009 00:19:28] - 3984 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20992 Ko] [MD5.B042D6B383FEC85D73D09DB92F807713] - [14/07/2009 00:30:28] - 4352 | C:\Windows\system32\wbem\unsecapp.exe (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) -> C:\Windows\system32\wbem\unsecapp.exe -Embedding [38912 Ko] [MD5.235C4DD85C59EFA98AAFF09006C8D7C2] - [20/11/2010 22:29:20] - 4476 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\Windows\system32\wbem\wmiprvse.exe [257536 Ko] [MD5.77423FAAA82F388773E092E5E18D8847] - [26/03/2013 04:31:32] - 5668 | C:\Users\Guilliane\Downloads\winlogon.exe (. - g3n-h@ckm@n.) - (3.0.3.26) -> "C:\Users\Guilliane\Downloads\winlogon.exe" [2423531 Ko] [MD5.84F8BB3DED08453983546523C086F152] - [14/01/2013 23:17:03] - 1200 | C:\Pre_Scan\Process\Pre_Scan_Protect.exe (. - g3n-h@ckm@n.) - (3.0.2.14) -> "C:\Pre_Scan\Process\Pre_Scan_Protect.exe" [311107 Ko] [MD5.235C4DD85C59EFA98AAFF09006C8D7C2] - [20/11/2010 22:29:20] - 5800 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\Windows\system32\wbem\wmiprvse.exe [257536 Ko] ¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK ! ¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine : OK ! ¤¤¤¤¤¤¤¤¤¤ | Associations Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe -> C:\Windows\Explorer.exe ¤ Repaired : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe" ¤¤¤¤¤¤¤¤¤¤ | Registry Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0 Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0 Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0 Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0 Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0 Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0 Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0 Repaired : [HKU\S-1-5-21-3162039256-3928551421-1867649913-1000\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0 Repaired : [HKU\S-1-5-21-3162039256-3928551421-1867649913-1000\software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel]|[AllItemsIconView] : 0 -> 1 ¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair Safeboot Keys are O.K Alternate shell is OK ! ¤ Safeboot Minimal Subkeys : O.K ! ¤ Safeboot Network Subkeys : O.K ! ¤¤¤¤¤¤¤¤¤¤ | IFEO : OK ! ¤¤¤¤¤¤¤¤¤¤ | Mountpoints2 : OK ! ¤¤¤¤¤¤¤¤¤¤ | Windows [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon Winsrv : OK ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0 [HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[Programs] : com exe bat pif cmd ¤¤¤¤¤¤¤¤¤¤ | Security Center : OK ! ¤¤¤¤¤¤¤¤¤¤ | Services Corrections Repaired : [HKLM | Services\agp440] : 3 -> 2 Repaired : [HKLM | Services\EapHost] : 3 -> 2 Repaired : [HKLM | Services\SharedAccess] : 4 -> 2 Repaired : [HKLM | Services\windefend] : 3 -> 2 Repaired : [HKLM | Services\wudfsvc] : 3 -> 2 Repaired : [HKLM | Services\WerSvc] : 3 -> 2 ¤¤¤¤¤¤¤¤¤¤ | Internet Explorer Repaired : [HKU\S-1-5-21-3162039256-3928551421-1867649913-1000\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.fr/ -> http://www.google.com/ Repaired : [HKU\S-1-5-21-3162039256-3928551421-1867649913-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157 Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157 ¤ Repaired : [HKU\S-1-5-21-3162039256-3928551421-1867649913-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1 ¤¤¤¤¤¤¤¤¤¤ | Hosts C:\Windows\System32\Drivers\etc\hosts : Cleaned ¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry Moved to quarantine successfully : C:\Windows\popcinfo.dat Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\index.dat Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\History\History.IE5\index.dat Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\Low\Fichiers Internet temporaires\Content.IE5\index.dat Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\Low\History\History.IE5\index.dat Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\CommonInstaller.exe Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\conduitinstaller.exe Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\GoogleUpdateSetup.exe6b7232c Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\MachineIdCreator.exe Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\oi_{3D37CFF2-F3BD-414D-8BD6-878AAA7E7EC4}.exe Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\ToolbarInstaller.exe Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\wajam_install.exe Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\CT3128284\spff.exe Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\CT3128284\statisticsStub.exe Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\Messenger_20.0.0001_0\SkypeSetupFull(6.1.73.129)(Trackable457)trackable.exe Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\FixTransforms.exe Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\avg@toolbar\components\avg-dnt-policy.js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\avg@toolbar\components\toolbarhomeApi.js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\avg@toolbar\modules\avg-dnt-adapter.js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\avg@toolbar\modules\avgJsm.js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\avg@toolbar\modules\configuration.js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\avg@toolbar\modules\HistoryCleaner.js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\avg@toolbar\modules\IOJsm.js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\avg@toolbar\modules\Preferences.js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\avg@toolbar\modules\propertiesJsm.js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\CT3128284\xpi\defaults\preferences\defaults.js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\BGJ38S5J\272c030ffa415be1a151aae835bbe4[1].js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C7KH2WFI\adm_600[1].js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C7KH2WFI\adtrk[1].js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C7KH2WFI\firewall2b[1].js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C7KH2WFI\GRedirect[1].js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C7KH2WFI\jquery-1.4.2.min[1].js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C7KH2WFI\surly[1].js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\C7KH2WFI\surly[2].js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\PW6RE8AX\34593_8215046653921A65A40B74295DABF2FE[1].js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\PW6RE8AX\4310[1].js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\PW6RE8AX\flashwrite_1_2[1].js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\PW6RE8AX\pixel[1].js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\S64B7VU3\ba[1].js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\S64B7VU3\show0[1].js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\Fichiers Internet temporaires\Content.IE5\S64B7VU3\tfav_amnet1_bamnet1[1].js Moved to quarantine successfully : C:\Users\GUILLI~1\AppData\Local\Temp\avg@toolbar\chrome.manifest Moved to quarantine successfully : C:\Windows\Temp\CheckSUR\CheckSurSqm.dat Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\CommonFiles\AVG Secure Search\avgdttbx.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\CommonFiles\AVG Secure Search\npsitesafety.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\CommonFiles\AVG Secure Search\SiteSafety.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\CommonFiles\AVG Secure Search\ViProtocol.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ConfigFiles\avguidx.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ProgFiles\AVG Secure Search\GenericWndApi.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ProgFiles\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\CommonFiles\AVG Secure Search\avgdttbx.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\CommonFiles\AVG Secure Search\AVGRewardsWorker.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\CommonFiles\AVG Secure Search\npsitesafety.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\CommonFiles\AVG Secure Search\SiteSafety.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\CommonFiles\AVG Secure Search\ViProtocol.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ConfigFiles\avguidx.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgFiles\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\CommonFiles\AVG Secure Search\avgdttbx.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\CommonFiles\AVG Secure Search\AVGRewardsWorker.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\CommonFiles\AVG Secure Search\npsitesafety.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\CommonFiles\AVG Secure Search\SiteSafety.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\CommonFiles\AVG Secure Search\ViProtocol.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ConfigFiles\avguidx.dll Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgFiles\AVG Secure Search\14.1.0.10\AVG Secure Search_toolbar.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\amd64\AppChk.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\amd64\Lts.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\amd64\MatsMui.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\ar\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\bg\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\cs\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\da\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\de\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\el\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\es\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\et\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\fi\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\fr\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\he\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\hi\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\hr\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\hu\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\id\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\it\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\ja\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\ko\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\lt\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\lv\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\nl\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\no\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\pl\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\pt-BR\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\pt-PT\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\ro\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\ru\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\sk\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\sl\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\sr\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\sv\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\th\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\tr\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\uk\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\vi\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\x86\AppChk.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\x86\Lts.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\x86\MatsMui.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\zh-CHS\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\zh-CHT\MATSBoot.resources.dll Moved to quarantine successfully : C:\Windows\Temp\SDIAG_92f42c97-82ec-4c8a-845c-6a2c7829015a\DiagPackage.dll Moved to quarantine successfully : C:\Windows\Temp\{0B51C5BD-209B-455D-8180-312D56F6F3F2}.exe Moved to quarantine successfully : C:\Windows\Temp\{1324C249-2E77-4E31-82B7-EC47A27F0D61}.exe Moved to quarantine successfully : C:\Windows\Temp\{362EF99B-71FA-4984-BB8C-457ED11837D1}.exe Moved to quarantine successfully : C:\Windows\Temp\{83144BCC-56A8-4DF7-8FEF-06292868D6FD}.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\avg-secure-search-installer.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\CommonFiles\AVG Secure Search\DriverInstaller.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\CommonFiles\AVG Secure Search\DriverInstaller_64.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\CommonFiles\AVG Secure Search\ScriptHelper.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\CommonFiles\AVG Secure Search\ToolbarUpdater.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ConfigFiles\MachineIdCreator.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ProgFiles\AVG Secure Search\lip.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ProgFiles\AVG Secure Search\PostInstall.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ProgFiles\AVG Secure Search\Uninstall.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ProgFiles\AVG Secure Search\vprot.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\avg-secure-search-installer.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\CommonFiles\AVG Secure Search\DriverInstaller.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\CommonFiles\AVG Secure Search\DriverInstaller_64.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\CommonFiles\AVG Secure Search\ScriptHelper.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\CommonFiles\AVG Secure Search\ToolbarUpdater.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ConfigFiles\MachineIdCreator.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgFiles\AVG Secure Search\lip.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgFiles\AVG Secure Search\PostInstall.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgFiles\AVG Secure Search\Uninstall.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgFiles\AVG Secure Search\vprot.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\avg-secure-search-installer.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\CommonFiles\AVG Secure Search\DriverInstaller.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\CommonFiles\AVG Secure Search\DriverInstaller_64.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\CommonFiles\AVG Secure Search\ScriptHelper.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\CommonFiles\AVG Secure Search\ToolbarUpdater.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ConfigFiles\MachineIdCreator.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgFiles\AVG Secure Search\lip.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgFiles\AVG Secure Search\PostInstall.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgFiles\AVG Secure Search\Uninstall.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgFiles\AVG Secure Search\vprot.exe Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\MatsBoot.exe Moved to quarantine successfully : C:\Windows\Temp\RunBoot-Temp_.457fc30d-6400-4f84-9bfa-476b70ada0bb\Tool\wextract.exe Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ProgData\AVG Secure Search\FireFoxExt\13.2.0.5\components\avg-dnt-policy.js Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ProgData\AVG Secure Search\FireFoxExt\13.2.0.5\components\toolbarhomeApi.js Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ProgData\AVG Secure Search\FireFoxExt\13.2.0.5\modules\avg-dnt-adapter.js Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ProgData\AVG Secure Search\FireFoxExt\13.2.0.5\modules\avgJsm.js Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ProgData\AVG Secure Search\FireFoxExt\13.2.0.5\modules\configuration.js Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ProgData\AVG Secure Search\FireFoxExt\13.2.0.5\modules\HistoryCleaner.js Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ProgData\AVG Secure Search\FireFoxExt\13.2.0.5\modules\IOJsm.js Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ProgData\AVG Secure Search\FireFoxExt\13.2.0.5\modules\Preferences.js Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ProgData\AVG Secure Search\FireFoxExt\13.2.0.5\modules\propertiesJsm.js Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ProgFiles\AVG Secure Search\UninstallRes\ClientPackage\jquery-1.5.1.min.js Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ProgFiles\AVG Secure Search\UninstallRes\ClientPackage\JQueyExtensions.js Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgData\avgMozXPCOM.js Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgData\AVG Secure Search\FireFoxExt\14.2.0.1\components\avg-dnt-policy.js Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgData\AVG Secure Search\FireFoxExt\14.2.0.1\components\nci.js Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgData\AVG Secure Search\FireFoxExt\14.2.0.1\components\toolbarhomeApi.js Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgData\AVG Secure Search\FireFoxExt\14.2.0.1\modules\avg-dnt-adapter.js Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgData\AVG Secure Search\FireFoxExt\14.2.0.1\modules\avgJsm.js Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgData\AVG Secure Search\FireFoxExt\14.2.0.1\modules\configuration.js Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgData\AVG Secure Search\FireFoxExt\14.2.0.1\modules\HistoryCleaner.js Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgData\AVG Secure Search\FireFoxExt\14.2.0.1\modules\IOJsm.js Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgData\AVG Secure Search\FireFoxExt\14.2.0.1\modules\Preferences.js Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgData\AVG Secure Search\FireFoxExt\14.2.0.1\modules\propertiesJsm.js Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgFiles\AVG Secure Search\UninstallRes\ClientPackage\jquery-1.5.1.min.js Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgFiles\AVG Secure Search\UninstallRes\ClientPackage\jquery-1.8.1.min.js Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgFiles\AVG Secure Search\UninstallRes\ClientPackage\JQueyExtensions.js Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgData\avgMozXPCOM.js Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgData\AVG Secure Search\FireFoxExt\14.1.0.10\components\avg-dnt-policy.js Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgData\AVG Secure Search\FireFoxExt\14.1.0.10\components\nci.js Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgData\AVG Secure Search\FireFoxExt\14.1.0.10\components\toolbarhomeApi.js Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgData\AVG Secure Search\FireFoxExt\14.1.0.10\modules\avg-dnt-adapter.js Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgData\AVG Secure Search\FireFoxExt\14.1.0.10\modules\avgJsm.js Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgData\AVG Secure Search\FireFoxExt\14.1.0.10\modules\configuration.js Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgData\AVG Secure Search\FireFoxExt\14.1.0.10\modules\HistoryCleaner.js Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgData\AVG Secure Search\FireFoxExt\14.1.0.10\modules\IOJsm.js Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgData\AVG Secure Search\FireFoxExt\14.1.0.10\modules\Preferences.js Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgData\AVG Secure Search\FireFoxExt\14.1.0.10\modules\propertiesJsm.js Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgFiles\AVG Secure Search\UninstallRes\ClientPackage\jquery-1.5.1.min.js Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgFiles\AVG Secure Search\UninstallRes\ClientPackage\JQueyExtensions.js Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\ProgData\AVG Secure Search\FireFoxExt\13.2.0.5\chrome.manifest Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgData\binarylines.manifest Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\ProgData\AVG Secure Search\FireFoxExt\14.2.0.1\chrome.manifest Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgData\binarylines.manifest Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\ProgData\AVG Secure Search\FireFoxExt\14.1.0.10\chrome.manifest Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\CommonFiles\AVG Secure Search\avgtpx64.sys Moved to quarantine successfully : C:\Windows\Temp\avg_a04408\CommonFiles\AVG Secure Search\avgtpx86.sys Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\CommonFiles\AVG Secure Search\avgtpx64.sys Moved to quarantine successfully : C:\Windows\Temp\avg_a05720\CommonFiles\AVG Secure Search\avgtpx86.sys Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\CommonFiles\AVG Secure Search\avgtpx64.sys Moved to quarantine successfully : C:\Windows\Temp\avg_a06020\CommonFiles\AVG Secure Search\avgtpx86.sys Moved to quarantine successfully : C:\Windows\Temp\TMP000000011308AFD0C71C7567 Moved to quarantine successfully : C:\Windows\Temp\TMP000000013202830A0C4F5135 Moved to quarantine successfully : C:\Windows\Temp\TMP00000001431B8452A880AF8F Moved to quarantine successfully : C:\Windows\Temp\TMP00000001700C34B3D1AD2694 Moved to quarantine successfully : C:\Windows\Temp\TMP00000008A0BEF11095F2CA33 Moved to quarantine successfully : C:\Windows\Temp\TMP0000000CD97377DD2910C9F5 Moved to quarantine successfully : C:\Windows\Temp\TMP0000001088C2526A123631CA Moved to quarantine successfully : C:\Windows\Temp\TMP000000125D7E03DFDF02B750 Moved to quarantine successfully : C:\Windows\Temp\TMP000000126E1D2E7FD3131EC9 Moved to quarantine successfully : C:\Windows\Temp\TMP00000017068C90B5D12F8FD7 Moved to quarantine successfully : C:\Windows\Temp\TMP00000023D7DD735E4A75BE41 Moved to quarantine successfully : C:\Windows\Temp\TMP00000031A6F3D2522C7AB686 Moved to quarantine successfully : C:\Windows\Temp\TMP0000003D4C89FB76A3CBB05C Moved to quarantine successfully : C:\Windows\Temp\TMP00000040A78FBB3FEBF6A6F6 Moved to quarantine successfully : C:\Windows\Temp\TMP00000047DF06B4103ECAA6AA Moved to quarantine successfully : C:\Windows\Temp\TMP0000007D5B296A7774457213 Moved to quarantine successfully : C:\Windows\Temp\TMP000000A0EF38A1857CA92B92 Moved to quarantine successfully : C:\Users\Guilliane\AppData\Roaming\Jewel Match 3\highscores.dat Moved to quarantine successfully : C:\Users\Guilliane\AppData\Roaming\BitComet\CRASHLOG.DAT Moved to quarantine successfully : C:\Users\Guilliane\AppData\Roaming\SoftGrid Client\userinfo.dat Moved to quarantine successfully : C:\Users\Guilliane\AppData\Roaming\SoftGrid Client\shortcut_ex.dat Moved to quarantine successfully : C:\Users\Guilliane\AppData\Local\Temp\tb01NE.dll Moved to quarantine successfully : C:\Users\Guilliane\AppData\Local\Temp\avguidx.dll Moved to quarantine successfully : C:\Users\Guilliane\Downloads\GotClip_Setup.exe Moved to quarantine successfully : C:\Users\Guilliane\Downloads\Webplayer_FR.exe Moved to quarantine successfully : C:\Users\Guilliane\Downloads\iLividSetupV1.exe Moved to quarantine successfully : C:\Users\Guilliane\Downloads\iLividSetupV1 (1).exe Moved to quarantine successfully : C:\Users\Guilliane\Downloads\mbox411.exe Moved to quarantine successfully : C:\Users\Guilliane\Downloads\avg-antivirus-free-edition-2012_avg_antivirus_free_edition_2012_build_1809_francais_10997.exe Moved to quarantine successfully : C:\Users\Guilliane\Downloads\AdobeDownloadAssistant.exe Moved to quarantine successfully : C:\Users\Guilliane\Downloads\MicrosoftFixit.wu.LB.34287252278878312.1.1.Run.exe Moved to quarantine successfully : C:\Users\Guilliane\Downloads\dotnetfx35setup.exe Moved to quarantine successfully : C:\Users\Guilliane\Downloads\Windows-KB890830-V4.18.exe Moved to quarantine successfully : C:\Users\Guilliane\Downloads\dotnetfx35setup (1).exe Moved to quarantine successfully : C:\Users\Guilliane\Downloads\dotnetfx35setup (2).exe Moved to quarantine successfully : C:\Users\Guilliane\Downloads\winlogon.exe Deleted : [HKU\S-1-5-21-3162039256-3928551421-1867649913-1000\Software\Microsoft\Windows\CurrentVersion\Run]|[SearchProtect] : C:\Users\Guilliane\AppData\Roaming\SearchProtect\cltmng.exe Moved to quarantine successfully : C:\Users\Guilliane\AppData\Roaming\SearchProtect\cltmng.exe Moved to quarantine successfully : C:\bootsqm.dat Moved to quarantine successfully : C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} Moved to quarantine successfully : C:\Users\Guilliane\AppData\Roaming\WildTangent Moved to quarantine successfully : C:\Windows\assembly\tmp\ Prefetch -> Emptied Suspect : C:\Users\Guilliane\AppData\Roaming\Jewel Match 3\match2_0.mtc Suspect : C:\Users\Guilliane\AppData\Roaming\Jewel Match 3\match_0.mtc Suspect : C:\Users\Guilliane\AppData\Roaming\Jewel Match 3\match_0.lev Suspect : C:\Users\Guilliane\AppData\Roaming\Jewel Match 3\match2_0.lev Suspect : C:\Users\Guilliane\AppData\Roaming\Jewel Match 3\config.bin Suspect : C:\Users\Guilliane\AppData\Roaming\BitComet\CRASH.DMP Suspect : C:\Users\Guilliane\AppData\Local\Temp\wmplog00.sqm Suspect : C:\Users\Guilliane\AppData\Local\Temp\avginfo.id Suspect : C:\Users\Guilliane\AppData\Local\Temp\1438859.cvr Suspect : C:\Users\Guilliane\AppData\Local\Temp\{90140011-0066-040C-0000-0000000FF1CE} Suspect : C:\Users\Guilliane\AppData\Local\Temp\ichcop Suspect : C:\Users\Guilliane\AppData\Local\Temp\wuZipFilePaths Suspect : C:\Users\Guilliane\AppData\Local\Temp\WindowsUpdateTroubleShooter_resolverRan Suspect : C:\Users\Guilliane\AppData\Local\Temp\WindowsUpdateTroubleShooter Suspect : C:\Users\Guilliane\AppData\Local\Temp\350781a6-11f0-46d7-85be-b091703b6481 Suspect : C:\Users\Guilliane\AppData\Local\Temp\b4b12287-be72-47fa-8aab-9a86925a75ee Suspect : C:\Windows\LMv4.UNI Suspect : C:\Windows\Acer.tag Suspect : C:\Windows\ChangeLang_Done.tag Suspect : C:\Windows\MOD01SET5K000G0002.enc Suspect : C:\Windows\MOD01SET75000H0007.enc Suspect : C:\Windows\MOD01SET74FR0H0005.enc Suspect : C:\Windows\MOD01SET78000G001H.enc Suspect : C:\Windows\MOD01OPK04000H0001.enc Suspect : C:\Windows\MOD01SET00000000U3.enc Suspect : C:\Windows\mib.bin ¤¤¤¤¤¤¤¤¤¤ | Hidden files ~ [Drive D:] : Hidden : 4 | Restored : 4 ~ [Program Files] : Hidden : 3 | Restored : 3 ~ [Users] : Hidden : 2 | Restored : 2 ~ [Documents] : Hidden : 15 | Restored : 15 ~ [Desktop] : Hidden : 10 | Restored : 10 ~ [Searches] : Hidden : 2 | Restored : 2 ~ [Windows] : Hidden : 98 | Restored : 98 ~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1 ~ [AppData] : Hidden : 22 | Restored : 22 ¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s) ¤¤¤¤¤¤¤¤¤¤ [HKLM | Winlogon] | AutoRestartShell : 0 -> 1 End : 07:07:44 Pre_Scan_Protect.exe Stopped successfully ! ¤¤¤¤¤¤¤¤¤¤ | Attempt to restart stopped 04:33:10 : sftlist.exe 04:33:11 : sftlist.exe 04:33:12 : sftlist.exe 04:33:12 : sftlist.exe 04:33:20 : WLIDSVC.EXE 04:33:40 : SearchIndexer.exe 04:34:10 : spoolsv.exe 04:35:10 : msiexec.exe 04:35:10 : spoolsv.exe 04:35:11 : sppsvc.exe 04:40:12 : sppsvc.exe 05:03:28 : taskhost.exe 05:13:28 : SearchIndexer.exe 05:13:59 : SearchIndexer.exe 06:03:34 : taskhost.exe 06:41:40 : SearchIndexer.exe 06:41:47 : SearchIndexer.exe 07:07:28 : taskhost.exe ~ Thx to C_XX , Slyk for their help for the evolution of the tool ¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 544