¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 3.1013 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 13:46:43
~ Update on 13/10/2013 | 12.30 by g3n-h@ckm@n
~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/
~ [martin (Administrator)] - [MARTIN-PC]
~ SID = S-1-5-21-243071503-98217081-583483930-1001
~ System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
~ ProcessorNameString : Intel(R) Core(TM) i5-2310 CPU @ 2.90GHz
~ Identifier : Intel64 Family 6 Model 42 Stepping 7
~ Memory RAM = Total (MB) : 8371 | Free (MB) : 6903
~ Pagefile = Total (MB) : 16740 | Free (MB) : 15325
~ Virtual = Total (MB) : 4194 | Free (MB) : 4057
¤¤¤¤¤¤¤¤¤¤ | Boot's scripts
C:\Windows\Setup\Scripts\MonitorAuto_x64.exe
C:\Windows\Setup\Scripts\MOD01SET5O000N0002.enc
C:\Windows\Setup\Scripts\useralaunch.cmd
C:\Windows\Setup\Scripts\OOBE.CMD
C:\Windows\Setup\Scripts\SetupComplete.cmd
¤¤¤¤¤¤¤¤¤¤ | Drives
c:\-> [Fixed] | [Gateway] | Total : 1416360 Mo | Free : 916020 Mo -> NTFS
¤¤¤¤¤¤¤¤¤¤ | Windows Updates
No windows updates detected !!!
¤¤¤¤¤¤¤¤¤¤ | services
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running
¤¤¤¤¤¤¤¤¤¤ | Sessions
~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\martin
New restorepoint created
Standby deleted !
¤¤¤¤¤¤¤¤¤¤ | stopped Processes
(848) -- nvvsvc.exe
(1152) -- NvXDSync.exe
(1164) -- nvvsvc.exe
(1464) -- explorer.exe
(1560) -- taskeng.exe
(1588) -- spoolsv.exe
(1700) -- taskhost.exe
(1804) -- ActivControlsvc.exe
(1824) -- AppleMobileDeviceService.exe
(1988) -- taskeng.exe
(1040) -- ipoint.exe
(1096) -- itype.exe
(1456) -- mDNSResponder.exe
(1752) -- UpdaterService.exe
(1972) -- nvSCPAPISvr.exe
(2004) -- WLIDSVC.EXE
(2220) -- RAVCpl64.exe
(2308) -- Skype.exe
(2816) -- iCloudServices.exe
(2928) -- ApplePhotoStreams.exe
(2904) -- AppleIEDAV.exe
(732) -- TrustedInstaller.exe
(3868) -- flashbridge-wrapper-crossplatform.exe
(500) -- IAStorIcon.exe
(3224) -- PDVD10Serv.exe
(3372) -- HotkeyUtility.exe
(3412) -- SearchIndexer.exe
(3468) -- reader_sl.exe
(2864) -- WUDFHost.exe
(3740) -- agentantidote.exe
(3864) -- AgentAntidote64.exe
(3024) -- jusched.exe
(3404) -- PdfPro7Hook.exe
(3816) -- iTunesHelper.exe
(3132) -- wmpnetwk.exe
(2712) -- APSDaemon.exe
(872) -- iPodService.exe
(4204) -- SearchProtocolHost.exe
(4236) -- SearchFilterHost.exe
¤¤¤¤¤¤¤¤¤¤ | Running processes
Boot : Normal
¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !
¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine
Repaired : [HKLM | Winlogon]|[userinit] : userinit.exe, -> C:\Windows\SysWOW64\userinit.exe,
Repaired : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]|[userinit] : C:\Windows\SysWOW64\userinit.exe, -> C:\Windows\System32\userinit.exe,
¤¤¤¤¤¤¤¤¤¤ | Associations
¤
¤¤¤¤¤¤¤¤¤¤ | Registry
¤¤¤¤¤¤¤¤¤¤ | Taskmgr and Registry Access
¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair
Safeboot Keys are O.K
Alternate shell is OK !
¤ Safeboot Minimal Subkeys : O.K !
¤ Safeboot Network Subkeys : O.K !
¤¤¤¤¤¤¤¤¤¤ | IFEO
¤¤¤¤¤¤¤¤¤¤ | Mountpoints2
Deleted : HKU\S-1-5-21-243071503-98217081-583483930-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\E | AutoRun\command : E:\LaunchU3.exe -a
Deleted : HKU\S-1-5-21-243071503-98217081-583483930-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{22fee2d6-0a5a-11e2-b7b3-e06995b0bacb} | AutoRun\command : E:\LaunchU3.exe -a
Deleted : HKU\S-1-5-21-243071503-98217081-583483930-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{62e2ad5c-d8ce-11e0-8baf-e06995b0bacb} | AutoRun\command : K:\SETUP.EXE
Deleted : HKU\S-1-5-21-243071503-98217081-583483930-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{962ec32d-3674-11e3-93b8-e06995b0bacb} | AutoRun\command : E:\LaunchU3.exe
Deleted : HKU\S-1-5-21-243071503-98217081-583483930-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{f8724a48-031d-11e1-b5d0-e06995b0bacb} | AutoRun\command : L:\DTLplus_Launcher.exe
¤¤¤¤¤¤¤¤¤¤ | Windows
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
Winsrv : OK !
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0
¤¤¤¤¤¤¤¤¤¤ | Security Center
¤¤¤¤¤¤¤¤¤¤ | Services Corrections
Service : BITS : Restored
Service : WUAUSERV : Restored
Repaired : [HKLM | Services\Compbatt] : 3 -> 0
Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\Bits] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\SharedAccess] : 4 -> 2
Repaired : [HKLM | Services\wudfsvc] : 3 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2
¤¤¤¤¤¤¤¤¤¤ | Internet Explorer
Deleted : S-1-5-21-243071503-98217081-583483930-1001 : ProxyEnable : 1
¤
Repaired : [HKU\S-1-5-21-243071503-98217081-583483930-1001\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.cyberpresse.ca/ -> http://www.google.com/
Repaired : [HKU\S-1-5-21-243071503-98217081-583483930-1001\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Repaired : [HKU\S-1-5-21-243071503-98217081-583483930-1001\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
¤
Repaired : [HKU\S-1-5-21-243071503-98217081-583483930-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1
¤¤¤¤¤¤¤¤¤¤ | Hosts
C:\Windows\System32\Drivers\etc\hosts : Cleaned
¤¤¤¤¤¤¤¤¤¤ | reparsepoint
¤¤¤¤¤¤¤¤¤¤ | Offsets detection
Possible Ramnit (bad offsets) : C:\$Recycle.bin\recup_dir.5\f72576152.dll : E4BF00000010000000C0000000020000000000000000000000000000400000C02E78646174610090D41F000000D000000020000000C200000000000000000000
Possible Ramnit (bad offsets) : C:\$Recycle.bin\recup_dir.5\f72489872.dll : 40510000001000000052000000020000000000000000000000000000400000C02E786461746100906C1600000070000000180000005400000000000000000000
Possible Ramnit (bad offsets) : C:\Users\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YXP81T1R\affich-28928270-win64-conedex-b-ou-c-ou-i-detecte-par-eset[1].htm : 3E646520706C75732079206120E76120617573736920737663686F73742E657865203D2667743B526F6F746B69742E544453530D0A3C6272202F3E6D65206A65
¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry
Deleted : HKU\S-1-5-21-243071503-98217081-583483930-1001\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION : svchost.exe
Zaccess
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Google\Desktop\Install
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.1\f0347176.dat
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.1\f0559760.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.1\f0704984_pegi-pt.dll.mui
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.1\f0708808_pegi.dll.mui
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.1\f0714968_pegi.dll.mui
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.1\f0717488_pegi.dll.mui
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.1\f7240832_Steamclient.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.1\f7257696.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.1\f7360648.dat
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.2\f23132176_perfts.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.3\f35196888.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.3\f36162296.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.3\f36924952.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.3\f36944160.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f36974128.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f37532200.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f37844528.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f37857400.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f37861952.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f37862776.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f37929688.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f38242568_system.resources.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f38367376.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f38864904.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f38865928.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f38913160.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f38914536.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f38915792.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f38926408.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f38966472.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f38995224.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f39006744.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f69109432.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.4\f70700528.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.5\f71142008.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.5\f71392272_oflc.dll.mui
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.5\f72326376.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.5\f72460112.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.5\f72489872.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.5\f72576152.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.5\f74722040.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.5\f75392296_SABHelper.exe
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.6\f75403440.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.6\f75536960.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.6\f77928920.exe
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.6\f78170552.dll
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.6\f78463848_appid_0000.exe
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.6\f78696416.exe
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.6\f78698056_appid_0000.exe
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.6\f78698440_appid_0000.exe
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.6\f78698936_appid_0000.exe
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.6\f78699400.exe
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.6\f78773424.exe
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.6\f79385472_appid_0000.exe
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.7\f80221336.exe
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.7\f80774608_djctq.dll.mui
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.7\f80891600_djctq.dll.mui
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.7\f80977504_cob-au.dll.mui
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.7\f81159776_pegi-pt.dll.mui
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.7\f81460656_pegi.dll.mui
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.7\f81821376_pegi.dll.mui
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.7\f81835680_pegi.dll.mui
Moved to quarantine successfully : C:\$Recycle.bin\recup_dir.7\f81913816.dll
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-243071503-98217081-583483930-1001\$IDF8IS9.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-243071503-98217081-583483930-1001\$IRNLMIP.exe
Removed : C:\$Recycle.bin\recup_dir.7
Removed : C:\$Recycle.bin\recup_dir.6
Removed : C:\$Recycle.bin\recup_dir.5
Removed : C:\$Recycle.bin\recup_dir.4
Removed : C:\$Recycle.bin\recup_dir.3
Removed : C:\$Recycle.bin\recup_dir.2
Removed : C:\$Recycle.bin\recup_dir.1
Removed : C:\$Recycle.bin\S-1-5-21-1705721742-1139031322-1455724274-500
Removed : C:\$Recycle.bin\S-1-5-21-243071503-98217081-583483930-500
Removed : C:\$Recycle.bin\S-1-5-20
Removed : C:\$Recycle.bin\S-1-5-18
Removed : C:\$Recycle.bin\S-1-5-21-243071503-98217081-583483930-1001
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\ev_clear.bat
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\delfolders.bat
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\FWPolicy.bat
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\delorphans.bat
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\medfos.bat
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\TDL4.bat
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\modules.bat
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\ask.bat
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\prelim.bat
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\chrome.bat
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\runvalues.bat
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\firefox.bat
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\misc.bat
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\iexplore.bat
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\searchlnk.bat
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\get.bat
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\JRT.bat
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nsq783B.tmp\LangDLL.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nsq783B.tmp\UAC.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nsq783B.tmp\linker.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nsq783B.tmp\InstallOptions.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nsq783B.tmp\NSISdl.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nseF970.tmp\InstallOptions.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nspFF9.tmp\linker.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nsp9C97.tmp\InstallOptions.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nskC34F.tmp\UserInfo.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nskC34F.tmp\NSISEncrypt.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nskC34F.tmp\IpConfig.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nskC34F.tmp\version.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nskC34F.tmp\inetc.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nskC34F.tmp\nsJSON.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nskC34F.tmp\ExecDos.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nsv7958.tmp\InetC.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nsv7958.tmp\nsExec.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nsf7E76.tmp\InetC.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nsf7E76.tmp\nsExec.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\nsg5989.tmp\inetc.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\SDIAG_4c77cb9b-dd2a-443b-b92e-14efcc12dc46\DiagPackage.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{7414E504-D8D9-41E2-846C-3B1CB307E268}\_Setup.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{52B25322-E8CC-411E-865D-797D24F0ADDC}\_Setup.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{8C43A7BC-9733-4D41-84B1-B84E54D29119}\_Setup.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{94AE8DB4-4FA7-4345-BD37-FDC9BF5C06A8}\_Setup.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{145868AB-17CD-40C9-B4CD-28D34A587A55}\_Setup.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{4A5A2182-9EE8-4426-8606-581CF1F3B582}\_Setup.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{97708470-B4DB-4C40-85D6-4271A49DF304}\_Setup.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{CC912973-B67F-4549-93AE-FE3364F399CD}\_Setup.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{27A7A6C3-FB21-44BC-BC9A-6FEE424FACC5}\_Setup.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{E75CD5B2-E3FA-4E7F-8D28-14C030B4FDAC}\_Setup.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{E75CD5B2-E3FA-4E7F-8D28-14C030B4FDAC}\ISSetup.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{54E95A5F-4AA9-45B0-A800-0A5124D6693D}\_Setup.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{54E95A5F-4AA9-45B0-A800-0A5124D6693D}\ISSetup.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{D3245F33-1061-4D1F-A6C4-7F9B88BD5BF8}\_Setup.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{07995D63-77F3-48AD-994A-49AAA999F781}\ISSetup.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI37842\shell32.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI37842\kernel32.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI37842\psapi.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI37842\PyWinTypes27.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI37842\pythoncom27.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI37842\python27.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI37842\wxbase294u_vc90.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI37842\wxmsw294u_core_vc90.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI37842\wxmsw294u_adv_vc90.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI37842\wxmsw294u_html_vc90.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI37842\mfc90.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI37842\mfc90u.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI37842\mfcm90.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI37842\mfcm90u.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI37842\wxbase294u_net_vc90.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI37842\wxmsw294u_webview_vc90.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI37842\msvcr100.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI37842\msvcp100.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI91882\shell32.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI91882\psapi.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI91882\kernel32.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI91882\PyWinTypes27.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI91882\pythoncom27.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI91882\python27.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI91882\wxbase294u_vc90.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI91882\wxmsw294u_core_vc90.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI91882\wxmsw294u_adv_vc90.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI91882\wxmsw294u_html_vc90.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI91882\mfc90.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI91882\mfc90u.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI91882\mfcm90.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI91882\mfcm90u.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI91882\wxbase294u_net_vc90.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI91882\wxmsw294u_webview_vc90.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI91882\msvcr100.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI91882\msvcp100.dll
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\7zOA342.tmp\video-converter-ultimate6.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\VSD7419.tmp\setup.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\VSDB82E.tmp\setup.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\VSDB1C8.tmp\setup.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\953.dir\InstallFlashPlayer.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\A38F.dir\InstallFlashPlayer.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\690F.dir\InstallFlashPlayer.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\uninstaller-WTA-7b1d7e2c-c02f-4724-8bca-ca652527ad0b\Uninstaller.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\uninstaller-WTA-dbc097b0-afe3-4de1-96df-44efd27ecbe2\Uninstaller.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\uninstaller-WTA-686ca557-685b-488c-bf5e-8e2a18542eb1\Uninstaller.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\uninstaller-WTA-0bd3cb51-af15-450c-8b43-6a9e52cc0c2a\Uninstaller.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\uninstaller-WTA-d7216d88-b7ff-4c57-9afd-ad94397c59c6\Uninstaller.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\uninstaller-WTA-5c2417cb-9675-491c-aee7-70fea71a9cb3\Uninstaller.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\uninstaller-WTA-eb9cd788-fed9-4ab1-a0c3-4989fbff6014\Uninstaller.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\uninstaller-WTA-75d28604-e199-4ad9-9e0b-fbf3b6e9e271\Uninstaller.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\uninstaller-WTA-e70492b0-a666-4b47-8ac9-2e82ab12ab2b\Uninstaller.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\uninstaller-WTA-9860d3de-820e-4073-b2e9-81aef5c05c36\Uninstaller.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\uninstaller-WTA-516d1859-e203-4e74-8cde-357e750743a7\Uninstaller.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\uninstaller-WTA-a3145d8f-ff66-492e-8a23-254f8cc4ce64\Uninstaller.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\uninstaller-WTA-9647267b-4015-44fe-b4b2-709f5db181d7\Uninstaller.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\uninstaller-WTA-4318ff0a-8a65-4041-b109-60575ccbf02f\Uninstaller.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\uninstaller-WTA-4e1fea77-e933-40ba-bdf5-c679e88b097f\Uninstaller.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\uninstaller-WTA-5ac3da73-dc7b-4101-bf82-8b5354311eb5\Uninstaller.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{2353D848-14D4-4515-A117-DB7957C3DDC3}\ISBEW64.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{443740D5-DECA-4296-A931-164E9A0C0AA3}\ISBEW64.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{3D2CC40B-4A30-4DCD-8228-9EF0FBE795F3}\dotnetinstaller.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{3D2CC40B-4A30-4DCD-8228-9EF0FBE795F3}\ISBEW64.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\sketchup_install\setup.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\sketchup_install1\setup.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{E75CD5B2-E3FA-4E7F-8D28-14C030B4FDAC}\setup.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{54E95A5F-4AA9-45B0-A800-0A5124D6693D}\setup.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\{07995D63-77F3-48AD-994A-49AAA999F781}\setup.exe
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI37842\main.exe.manifest
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\_MEI91882\main.exe.manifest
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\datamngr_del.reg
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\appinit_null.reg
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\appinit64_null.reg
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\FF_open_x64.reg
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\CHR_open_x64.reg
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\IE_open_x64.reg
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\FF_open_x86.reg
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\CHR_open_x86.reg
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\IE_open_x86.reg
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temp\jrt\clean_shortcut.vbs
Moved to quarantine successfully : C:\Users\martin\AppData\Local\088FCEEB-A1AA-4D9F-9A53-39FBCE8BA337.aplzod\main.db
Moved to quarantine successfully : C:\Users\Default User\AppData\Local\IconCache.db
Moved to quarantine successfully : C:\Users\martin\AppData\Local\IconCache.db
Moved to quarantine successfully : C:\Users\martin\Downloads\seterra.exe
Moved to quarantine successfully : C:\Users\martin\Downloads\HandBrake-0.9.8-x86_64-Win_GUI.exe
Moved to quarantine successfully : C:\Users\martin\Downloads\K-Lite_Codec_Pack_9.8.0_Full.exe
Moved to quarantine successfully : C:\Users\martin\Downloads\XMediaRecode3173_setup.exe
Moved to quarantine successfully : C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-243071503-98217081-583483930-1001Core.job
Moved to quarantine successfully : C:\Windows\System32\Tasks\\FacebookUpdateTaskUserS-1-5-21-243071503-98217081-583483930-1001Core
Moved to quarantine successfully : C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-243071503-98217081-583483930-1001UA.job
Moved to quarantine successfully : C:\Windows\System32\Tasks\\FacebookUpdateTaskUserS-1-5-21-243071503-98217081-583483930-1001UA
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\YXP81T1R\affich-28928270-win64-conedex-b-ou-c-ou-i-detecte-par-eset[1].htm
Moved to quarantine successfully : C:\Users\martin\AppData\Local\Temprad314CE.tmp
Moved to quarantine successfully : C:\Windows\AutoKMS
Moved to quarantine successfully : C:\Windows\assembly\tmp\
Moved to quarantine successfully : C:\Users\martin\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
Prefetch -> Emptied
Suspect : C:\Users\martin\AppData\Roaming\calibre\tweaks.py
Suspect : C:\Users\martin\AppData\Roaming\calibre\global.py
Suspect : C:\Users\martin\AppData\Roaming\calibre\gui.py
Suspect : C:\Users\martin\AppData\Roaming\redsn0w\Keys_729868293115768584.plist
Suspect : C:\Users\martin\AppData\Roaming\redsn0w\iPod4,1_6.1.2_10B146_iBSS.dfu
Suspect : C:\Users\martin\AppData\Roaming\redsn0w\iPod4,1_6.1.2_10B146_iBEC.dfu
Suspect : C:\Users\martin\AppData\Roaming\redsn0w\iPod4,1_6.0_10A403_iBSS.dfu
Suspect : C:\Users\martin\AppData\Roaming\redsn0w\iPod4,1_6.0_10A403_iBEC.dfu
Suspect : C:\Users\martin\AppData\Roaming\redsn0w\iPod4,1_6.1.3_10B329_iBSS.dfu
Suspect : C:\Users\martin\AppData\Roaming\redsn0w\iPod4,1_6.1.3_10B329_iBEC.dfu
Suspect : C:\Users\martin\AppData\Roaming\redsn0w\iPod4,1_6.1.2_10B146_manifest
Suspect : C:\Users\martin\AppData\Roaming\redsn0w\iPod4,1_6.0_10A403_manifest
Suspect : C:\Users\martin\AppData\Roaming\Microsoft\LastFlashConfig.wfc
Suspect : C:\ProgramData\activboard.pnp\activboard
Suspect : C:\Users\martin\AppData\Local\libimobiledevice\RootPrivateKey.pem
Suspect : C:\Users\martin\AppData\Local\libimobiledevice\HostPrivateKey.pem
Suspect : C:\Users\martin\AppData\Local\libimobiledevice\RootCertificate.pem
Suspect : C:\Users\martin\AppData\Local\libimobiledevice\HostCertificate.pem
Suspect : C:\Users\martin\AppData\Local\libimobiledevice\797bdf54b6a817a5b3b5a59f79f480b2c65a7541.pem
Suspect : C:\Users\martin\AppData\Local\libimobiledevice\libimobiledevicerc
Suspect : C:\Users\martin\AppData\Local\Temp\~e5.0001
Suspect : C:\Windows\patch.loag
¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Program Files] : Hidden : 3 | Restored : 3
~ [Users] : Hidden : 2 | Restored : 2
~ [Music] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 5 | Restored : 5
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 115 | Restored : 115
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 32 | Restored : 32
¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)
Disk: 0 Size=14.3T
Pos MBRndx Type/Name  Size  Active Hide Start Sector Sectors
--- ------ ---------- ----- ------ ---- ------------ ------------
0   0      27-UNKNWN  14G   No     No   2,048        29,360,128
1   1      07-NTFS    100M  Yes    No   29,362,176   204,800
2   2      07-NTFS    14.2T No     No   29,566,976   900,708,144
¤¤¤¤¤¤¤¤¤¤
[HKLM64 | Winlogon]|[AutoRestartShell] : 1
End : 14:30:42
Standby Restored !
¤¤¤¤¤¤¤¤¤¤ | Attempt to restart stopped during the scan
13:36:27 : WUDFHost.exe
13:36:27 : explorer.exe
13:36:27 : WUDFHost.exe
13:36:28 : explorer.exe
13:36:28 : WUDFHost.exe
13:36:29 : WUDFHost.exe
13:36:29 : WUDFHost.exe
13:36:34 : wmpnetwk.exe
13:36:35 : SearchIndexer.exe
13:36:38 : WLIDSVC.EXE
13:36:48 : WLIDSVC.EXE
13:36:58 : SearchIndexer.exe
13:36:58 : wmpnetwk.exe
13:37:04 : wmpnetwk.exe
13:37:05 : SearchIndexer.exe
13:37:26 : spoolsv.exe
13:37:26 : AppleMobileDeviceService.exe
13:38:26 : spoolsv.exe
13:38:26 : AppleMobileDeviceService.exe
13:38:28 : TrustedInstaller.exe
13:39:27 : AppleMobileDeviceService.exe
13:40:27 : AppleMobileDeviceService.exe
13:41:27 : AppleMobileDeviceService.exe
13:42:28 : AppleMobileDeviceService.exe
13:43:28 : AppleMobileDeviceService.exe
13:44:28 : AppleMobileDeviceService.exe
13:45:29 : AppleMobileDeviceService.exe
13:46:29 : AppleMobileDeviceService.exe
13:47:04 : SearchIndexer.exe
13:47:29 : AppleMobileDeviceService.exe
13:48:29 : AppleMobileDeviceService.exe
13:49:30 : AppleMobileDeviceService.exe
13:50:18 : SearchIndexer.exe
13:50:19 : SearchProtocolHost.exe
13:50:30 : AppleMobileDeviceService.exe
13:51:31 : AppleMobileDeviceService.exe
13:52:31 : AppleMobileDeviceService.exe
13:53:31 : AppleMobileDeviceService.exe
13:54:31 : AppleMobileDeviceService.exe
13:55:32 : AppleMobileDeviceService.exe
13:56:32 : AppleMobileDeviceService.exe
13:57:32 : AppleMobileDeviceService.exe
13:58:33 : AppleMobileDeviceService.exe
13:59:34 : AppleMobileDeviceService.exe
14:00:34 : AppleMobileDeviceService.exe
14:00:34 : taskhost.exe
14:01:34 : AppleMobileDeviceService.exe
14:02:34 : AppleMobileDeviceService.exe
14:03:35 : AppleMobileDeviceService.exe
14:04:35 : AppleMobileDeviceService.exe
14:05:35 : AppleMobileDeviceService.exe
14:05:38 : SearchIndexer.exe
14:06:35 : AppleMobileDeviceService.exe
14:06:57 : SearchIndexer.exe
14:07:28 : SearchIndexer.exe
14:07:37 : AppleMobileDeviceService.exe
14:08:37 : AppleMobileDeviceService.exe
14:09:38 : AppleMobileDeviceService.exe
14:10:38 : AppleMobileDeviceService.exe
14:11:38 : AppleMobileDeviceService.exe
14:12:38 : AppleMobileDeviceService.exe
14:13:39 : AppleMobileDeviceService.exe
14:14:39 : AppleMobileDeviceService.exe
14:15:39 : AppleMobileDeviceService.exe
14:16:40 : AppleMobileDeviceService.exe
14:17:40 : AppleMobileDeviceService.exe
14:18:40 : AppleMobileDeviceService.exe
14:19:40 : AppleMobileDeviceService.exe
14:20:41 : AppleMobileDeviceService.exe
14:21:41 : AppleMobileDeviceService.exe
14:22:41 : AppleMobileDeviceService.exe
14:23:42 : AppleMobileDeviceService.exe
14:23:44 : SearchIndexer.exe
14:23:54 : SearchIndexer.exe
14:24:42 : AppleMobileDeviceService.exe
14:25:42 : AppleMobileDeviceService.exe
14:26:42 : AppleMobileDeviceService.exe
14:27:43 : AppleMobileDeviceService.exe
14:28:43 : AppleMobileDeviceService.exe
14:29:43 : AppleMobileDeviceService.exe
Pre_Scan_Protect.exe Stopped successfully !
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 592