¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 3.1029.2 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 13:05:05

~ Update on 29/10/2013 | 11.40 by g3n-h@ckm@n

~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/

~ [jerome (Administrator)] - [JEROMEPC]
~ SID = S-1-5-21-2690816733-2754768188-3044336698-1000
~ System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
~ ProcessorNameString : Intel(R) Core(TM) i5-2500 CPU @ 3.30GHz
~ Identifier : Intel64 Family 6 Model 42 Stepping 7
~ Memory RAM = Total (MB) : 6273 | Free (MB) : 5067
~ Pagefile = Total (MB) : 12545 | Free (MB) : 11336
~ Virtual = Total (MB) : 4194 | Free (MB) : 4041

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts

¤¤¤¤¤¤¤¤¤¤ | Drives

c:\ -> [Fixed] | [] | Total : 476800 MB | Free : 290970 MB -> NTFS
d:\ -> [CDROM] | [TI-83frCD1.0] | Total : 30 MB | Free : 0 MB -> CDFS
m:\ -> [Removable] | [SD] | Total : 7580 MB | Free : 7570 MB -> FAT32

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

No windows updates detected !!!

¤¤¤¤¤¤¤¤¤¤ | Security

AV : Microsoft Security Essentials Disabled
AS : Microsoft Security Essentials Disabled
FW : WINDOWS Firewall

¤¤¤¤¤¤¤¤¤¤ | services

WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Manual(3)] = Stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ | Sessions

~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\jerome
~ C:\Users\UpdatusUser

New restorepoint created
Standby deleted !

¤¤¤¤¤¤¤¤¤¤ | stopped Processes

752 | C:\Windows\system32\nvvsvc.exe (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 331.58.) - (8.17.13.3158) -> "C:\Windows\system32\nvvsvc.exe"
776 | C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - (7.17.13.3158) -> "C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
312 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService
1044 | C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (.Creative Technology Ltd - Creative Audio Service.) - (3.11.0.0) -> "C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"
1196 | C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.3158) -> "C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
1204 | C:\Windows\system32\nvvsvc.exe (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 331.58.) - (8.17.13.3158) -> C:\Windows\system32\nvvsvc.exe -session -first
1388 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe
1520 | C:\Windows\system32\taskhost.exe (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) -> "taskhost.exe"
1620 | C:\Windows\Explorer.EXE (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) -> C:\Windows\Explorer.EXE
1804 | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (.Apple Inc. - MobileDeviceService.) - (17.96.2.2) -> "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
1824 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) -> taskeng.exe {4AEBD450-C416-4BC5-85D8-7A50F495004C}
1924 | c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (.Microsoft Corporation - IPoint.exe.) - (2.2.173.0) -> "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
1932 | c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (.Microsoft Corporation - IType.exe.) - (2.2.173.0) -> "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
1976 | C:\Program Files\Bonjour\mDNSResponder.exe (.Apple Inc. - Bonjour Service.) - (3.0.0.10) -> "C:\Program Files\Bonjour\mDNSResponder.exe"
2016 | C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (.Hewlett-Packard Company - LightScribe Service.) - (1.14.25.1) -> "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
1108 | C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (.NVIDIA - NVIDIA Performance Service.) - (6.5.26.5) -> "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe" /StartService
1460 | C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (.NVIDIA Corporation - NVIDIA Streamer Service.) - (1.5.28.0) -> "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
1868 | C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (.NVIDIA - NVIDIA nTune Command.) - (6.5.26.5) -> "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" gpureading
1704 | C:\Windows\system32\rundll32.exe (.Microsoft Corporation - Windows host process (Rundll32).) - (6.1.7600.16385) -> "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL mmsys.cpl
2116 | C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (.NVIDIA Corporation - NVIDIA Settings Update Manager.) - (8.3.14.1) -> "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
2308 | C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe (.NVIDIA - NVIDIA Update Center Service.) - (6.5.10.5) -> "C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe" /StartService
2520 | C:\Program Files\Microsoft Security Client\msseces.exe (.Microsoft Corporation - Microsoft Security Client User Interface.) - (4.3.219.0) -> "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
2556 | C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (.NVIDIA Corporation - NVIDIA NvTmru Application.) - (8.3.14.1) -> "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"
2616 | C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe (. - HOSTS Anti-PUPs/Adwares.) - (1.0.2.0) -> "C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe"
2960 | C:\Program Files (x86)\Skype\Phone\Skype.exe (.Skype Technologies S.A. - Skype .) - (6.6.59.106) -> "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
2968 | C:\Windows\System32\spool\drivers\x64\3\E_IATIHKE.EXE (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) - (7.0.3.0) -> "C:\Windows\System32\spool\drivers\x64\3\E_IATIHKE.EXE" /EPT "EPLTarget\P0000000000000000" /M "Epson Stylus SX230" /EF "HKCU"
3004 | C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (.Hewlett-Packard Company - .) - (1.14.25.1) -> "C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
3056 | C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.3158) -> "C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
3108 | C:\Windows\System32\WUDFHost.exe (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (6.2.9200.16384) -> "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-ab66b413-ad55-4b48-bdad-5f05db75c05e -SystemEventPortName:HostProcess-9e2a61d3-8ee4-4246-a71d-8b542a3d135e -IoCancelEventPortName:HostProcess-3393e743-49c6-44eb-bef5-57427d9ca1d9 -NonStateChangingEventPortName:HostProcess-fc9ff61f-1bd1-4d50-b459-74844ac9e48f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:33e998d6-0670-42e5-b9dc-870f0b61cd88 -DeviceGroupId:WpdFsGroup
3176 | C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe (.SteelSeries ApS - SteelSeries Engine.) - (2.8.59.0) -> "C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe"
3480 | C:\Users\jerome\Desktop\wopt021\WLAN Optimizer.exe (.none - WLAN Optimizer.) - (9.8.7.0) -> "C:\Users\jerome\Desktop\wopt021\WLAN Optimizer.exe"
3512 | C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe (. - NetgearCUv2 MFC Application.) - (3.6.83.131) -> "C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe"
3524 | C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (.McAfee, Inc. - McAfee Security Scanner Scheduler.) - (3.0.318.0) -> "C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe"
3544 | C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (.Elaborate Bytes AG - Virtual CloneDrive Daemon.) - (5.4.5.0) -> "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
3552 | C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) - (2.0.7.2) -> "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
3560 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding
3568 | C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe (. - NetgearCUv2 MFC Application.) - (3.6.83.131) -> "C:\Program Files (x86)\NETGEAR\WG111v3\WG111v3.exe"
3584 | C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (.RealNetworks, Inc. - RealNetworks Scheduler.) - (16.0.2.32) -> "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
5036 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe"
4556 | C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe (.NVIDIA - NVIDIA GeForce Experience.) - (8.3.14.1) -> "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\GFExperience.exe" -downloadmgr
4708 | C:\Program Files (x86)\Skype\Updater\Updater.exe (.Skype Technologies - Skype Updater Service.) - (6.6.1.56732) -> "C:\Program Files (x86)\Skype\Updater\Updater.exe"
3452 | C:\Users\jerome\AppData\Local\fst_fr_6\Download\majfstfr.exe (.FreeSoftToday - FreeSoftToday Setup .) - (0.0.0.0) -> go=ofcourse country_id=FR product_id=UPD version_id=1306fstfr6 softs=im,wajam,plushd,babylon,qone8
4192 | C:\Users\jerome\AppData\Local\Temp\is-CG865.tmp\majfstfr.tmp (. - Setup/Uninstall.) - (51.52.0.0) -> "C:\Users\jerome\AppData\Local\Temp\is-CG865.tmp\majfstfr.tmp" /SL5="$2022A,3716228,56832,C:\Users\jerome\AppData\Local\fst_fr_6\Download\majfstfr.exe" go=ofcourse country_id=FR product_id=UPD version_id=1306fstfr6 softs=im,wajam,plushd,babylon,qone8
4144 | C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (.Sun Microsystems, Inc. - Java(TM) Update Checker.) - (2.0.7.2) -> "C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe" -auto
2152 | c:\Program Files\Microsoft Security Client\MpCmdRun.exe (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.3.219.0) -> "c:\Program Files\Microsoft Security Client\MpCmdRun.exe" SignatureUpdate -ScheduleJob -RestrictPrivileges -Reinvoke
4560 | C:\Windows\system32\conhost.exe (.Microsoft Corporation - Console Window Host.) - (6.1.7601.18229) -> \??\C:\Windows\system32\conhost.exe "1091106116-129112858372395405-3356547351360444850-433957605-1032557082411639672
4964 | C:\Program Files (x86)\Windows Media Player\wmplayer.exe (.Microsoft Corporation - Windows Media Player.) - (12.0.7601.17514) -> "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
1176 | C:\Program Files (x86)\Mozilla Firefox\firefox.exe (.Mozilla Corporation - Firefox.) - (24.0.0.5001) -> "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
3232 | C:\Program Files (x86)\iTunes\iTunes.exe (.Apple Inc. - iTunes.) - (11.0.2.26) -> "C:\Program Files (x86)\iTunes\iTunes.exe"
3088 | C:\Program Files\iPod\bin\iPodService.exe (.Apple Inc. - iPodService Module (64-bit).) - (11.0.2.26) -> "C:\Program Files\iPod\bin\iPodService.exe"
2380 | C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (.Apple Inc. - distnoted.) - (1.630.18.0) -> "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe"
1876 | C:\Windows\system32\wuauclt.exe (.Microsoft Corporation - Windows Update.) - (7.6.7600.256) -> "C:\Windows\system32\wuauclt.exe" /RunHandlerComServer
3068 | C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.161.883.0.exe (.Microsoft Corporation - AntiMalware Definition Update.) - (1.161.976.0) -> "C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.161.883.0.exe" ANTIMALWARE /q
4440 | C:\Windows\system32\MpSigStub.exe (.Microsoft Corporation - Microsoft Malware Protection Signature Update Stub.) - (11.1.4406.0) -> MpSigStub.exe /program "C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.161.883.0.exe" ANTIMALWARE /q
4544 | C:\Windows\system32\SearchProtocolHost.exe (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
4424 | C:\Windows\system32\SearchFilterHost.exe (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524

¤¤¤¤¤¤¤¤¤¤ | Running processes

Boot : Normal [11/09/2013 17:41:04] - 288 | C:\Windows\System32\smss.exe (.Microsoft Corporation - Windows Session Manager.) - (6.1.7601.18229) -> \SystemRoot\System32\smss.exe [112640 Ko]
[14/07/2009 00:19:49] - 396 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [7680 Ko]
[14/07/2009 00:52:37] - 464 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Windows Start-Up Application.) - (6.1.7600.16385) -> wininit.exe [129024 Ko]
[14/07/2009 00:19:49] - 488 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Client Server Runtime Process.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [7680 Ko]
[14/07/2009 00:19:46] - 532 | C:\Windows\system32\services.exe (.Microsoft Corporation - Services and Controller app.) - (6.1.7600.16385) -> C:\Windows\system32\services.exe [328704 Ko]
[02/03/2013 15:51:13] - 556 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Windows Logon Application.) - (6.1.7601.17514) -> winlogon.exe [390656 Ko]
[01/03/2013 14:20:09] - 564 | C:\Windows\system32\lsass.exe (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.17725) -> C:\Windows\system32\lsass.exe [31232 Ko]
[02/03/2013 15:51:13] - 576 | C:\Windows\system32\lsm.exe (.Microsoft Corporation - Local Session Manager Service.) - (6.1.7601.17514) -> C:\Windows\system32\lsm.exe [343040 Ko]
[14/07/2009 00:31:13] - 692 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch [27136 Ko]
[14/07/2009 00:31:13] - 820 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS [27136 Ko]
[12/08/2013 13:11:04] - 892 | c:\Program Files\Microsoft Security Client\MsMpEng.exe (.Microsoft Corporation - Antimalware Service Executable.) - (4.3.219.0) -> "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [23808 Ko]
[14/07/2009 00:31:13] - 988 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 Ko]
[14/07/2009 00:31:13] - 120 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [27136 Ko]
[14/07/2009 00:37:38] - 1576 | C:\Windows\system32\Dwm.exe (.Microsoft Corporation - Desktop Window Manager.) - (6.1.7600.16385) -> "C:\Windows\system32\Dwm.exe" [120320 Ko]
[14/07/2009 00:31:13] - 1684 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [27136 Ko]
[14/07/2009 00:31:13] - 1740 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k NetworkService [27136 Ko]
[14/07/2009 00:31:13] - 2264 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k imgsvc [27136 Ko]
[14/07/2009 00:31:13] - 4820 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [27136 Ko]
[14/07/2009 00:31:13] - 1332 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [27136 Ko]
[29/10/2013 13:03:00] - 2256 | C:\Users\jerome\Downloads\winlogon.exe (. - g3n-h@ckm@n.) - (3.10.29.2) -> "C:\Users\jerome\Downloads\winlogon.exe /w,e" [2578903 Ko]
[14/07/2009 00:31:13] - 4448 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService [27136 Ko]
[14/07/2009 00:31:13] - 1488 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs [27136 Ko]
[02/03/2013 15:51:20] - 3020 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1525248 Ko]
[01/03/2013 14:37:34] - 2336 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding [591872 Ko]
[01/03/2013 14:37:33] - 3984 | C:\Windows\system32\SearchProtocolHost.exe (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" [249856 Ko]
[01/03/2013 14:37:33] - 1464 | C:\Windows\system32\SearchFilterHost.exe (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524 [113664 Ko]
[01/03/2013 14:11:49] - 3536 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe [559104 Ko]
[21/12/2012 16:27:46] - 2956 | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (.Apple Inc. - MobileDeviceService.) - (17.96.2.2) -> "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [57008 Ko]
[02/03/2013 15:51:17] - 3056 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) -> taskeng.exe {106BF5A0-2538-438B-BB30-1F76D2831A7E} [464384 Ko]
[13/05/2013 14:35:58] - 4860 | c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (.Microsoft Corporation - IPoint.exe.) - (2.2.173.0) -> "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2108624 Ko]
[13/05/2013 14:35:58] - 4036 | c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (.Microsoft Corporation - IType.exe.) - (2.2.173.0) -> "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" [1491664 Ko]
[02/03/2013 15:51:18] - 2860 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\Windows\system32\wbem\wmiprvse.exe [372736 Ko]

¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !
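The two process listings above are records of the form `pid | path (.publisher - description.) - (version) -> command line`, with a leading date and a trailing size in the "Running processes" section. As an added example (my code, not Pre_Scan's and not part of the original log), the script below parses that layout and runs three triage rules over five lines copied from this log: a binary running from a user-writable location, a core Windows binary name outside the Windows directory, and an empty publisher field. The record layout, the set of core names, the user-writable path markers and the reading of the "Ko" size field as bytes are my assumptions drawn from the lines on this page.

```python
"""Triage of Pre_Scan process records (added example; not part of Pre_Scan)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Record layout as it appears in the "stopped Processes" and "Running processes"
# sections (assumed from those lines, not a documented format):
#   [<date>] - <pid> | <path> (.<publisher> - <description>.) - (<version>) -> <cmd> [<size> Ko]
# Date and size appear only in the "Running processes" section. Despite the "Ko"
# label the size is in bytes (smss.exe on Windows 7 x64 is 112640 bytes).
RECORD_RE = re.compile(
    r"^(?:\[(?P<date>[^\]]+)\] )?(?:- )?(?P<pid>\d+) \| "
    r"(?P<path>[A-Za-z]:\\.+?) "
    r"\(\.(?P<publisher>.*?) - (?P<description>.*?)\.\) - "
    r"\((?P<version>[\d.]+)\) -> (?P<cmd>.*?)"
    r"(?: \[(?P<size>\d+) Ko\])?$"
)

# Directories where a core Windows binary is expected to live (assumption).
SYSTEM_DIRS = {"c:\\windows", "c:\\windows\\system32", "c:\\windows\\syswow64"}
# Boot-chain names that malware commonly borrows (assumption).
CORE_NAMES = {"smss.exe", "csrss.exe", "wininit.exe", "winlogon.exe", "services.exe",
              "lsass.exe", "lsm.exe", "svchost.exe", "explorer.exe", "userinit.exe",
              "taskhost.exe", "rundll32.exe", "dwm.exe", "spoolsv.exe"}
# Path fragments marking locations an unprivileged user can write to (assumption).
USER_WRITABLE = ("c:\\users\\", "\\appdata\\", "\\temp\\", "\\downloads\\", "\\desktop\\")


@dataclass
class ProcessRecord:
    pid: int
    path: str
    publisher: str
    description: str
    version: str
    cmd: str
    date: Optional[str] = None
    size: Optional[int] = None


def parse_records(text: str) -> List[ProcessRecord]:
    """Parse every process record in a Pre_Scan section; headers and blank lines are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue
        records.append(ProcessRecord(
            pid=int(m["pid"]), path=m["path"], publisher=m["publisher"].strip(),
            description=m["description"].strip(), version=m["version"], cmd=m["cmd"],
            date=m["date"], size=int(m["size"]) if m["size"] else None))
    return records


def triage(rec: ProcessRecord) -> List[str]:
    """Return the triage flags raised by one record (empty list means nothing notable)."""
    flags = []
    low = rec.path.lower()
    directory, _, name = low.rpartition("\\")
    if any(marker in low for marker in USER_WRITABLE):
        flags.append("user-writable path")
    if name in CORE_NAMES and directory not in SYSTEM_DIRS:
        flags.append("system binary name outside the Windows directory")
    if not rec.publisher:
        flags.append("no publisher")
    return flags


def report(text: str) -> List[str]:
    """One 'pid name: flags' line per flagged record, in log order."""
    out = []
    for rec in parse_records(text):
        flags = triage(rec)
        name = rec.path.rpartition("\\")[2]
        if flags:
            out.append(f"{rec.pid} {name}: {', '.join(flags)}")
    return out


# Sample input: five records copied verbatim from the listings above.
SAMPLE = r"""
312 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService
3452 | C:\Users\jerome\AppData\Local\fst_fr_6\Download\majfstfr.exe (.FreeSoftToday - FreeSoftToday Setup .) - (0.0.0.0) -> go=ofcourse country_id=FR product_id=UPD version_id=1306fstfr6 softs=im,wajam,plushd,babylon,qone8
4192 | C:\Users\jerome\AppData\Local\Temp\is-CG865.tmp\majfstfr.tmp (. - Setup/Uninstall.) - (51.52.0.0) -> "C:\Users\jerome\AppData\Local\Temp\is-CG865.tmp\majfstfr.tmp" /SL5="$2022A,3716228,56832,C:\Users\jerome\AppData\Local\fst_fr_6\Download\majfstfr.exe" go=ofcourse country_id=FR product_id=UPD version_id=1306fstfr6 softs=im,wajam,plushd,babylon,qone8
[29/10/2013 13:03:00] - 2256 | C:\Users\jerome\Downloads\winlogon.exe (. - g3n-h@ckm@n.) - (3.10.29.2) -> "C:\Users\jerome\Downloads\winlogon.exe /w,e" [2578903 Ko]
[02/03/2013 15:51:13] - 556 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Windows Logon Application.) - (6.1.7601.17514) -> winlogon.exe [390656 Ko]
"""

if __name__ == "__main__":
    for line in report(SAMPLE):
        print(line)
```

Run stand-alone, the script prints three flagged records. Two are the FreeSoftToday installer (majfstfr.exe) and its unpacked copy under Temp\is-CG865.tmp, whose command line asks for the im, wajam, plushd, babylon and qone8 bundles. The third, C:\Users\jerome\Downloads\winlogon.exe, trips every rule, yet its description field names the Pre_Scan author and its version (3.10.29.2) matches the banner build (3.1029.2, updated 29/10/2013): it is the scanner itself, run under a system binary name, not a masquerading dropper. Path rules like these only say which records deserve a second look; the publisher, description, version and command line fields are what settle the call.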
¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine

Repaired : [HKLM | Winlogon]|[userinit] : userinit.exe, -> C:\Windows\SysWOW64\userinit.exe,
Repaired : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]|[userinit] : C:\Windows\SysWOW64\userinit.exe, -> C:\Windows\System32\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ | Associations

Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe -> C:\Windows\Explorer.exe
¤ Repaired : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

¤¤¤¤¤¤¤¤¤¤ | Registry

Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoActiveDesktop] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoActiveDesktopChanges] : 1 -> 0
Repaired : [HKU\S-1-5-21-2690816733-2754768188-3044336698-1000\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0

¤¤¤¤¤¤¤¤¤¤ | Taskmgr and Registry Access

¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair

Safeboot Keys are O.K
Alternate shell is OK !
¤ Safeboot Minimal Subkeys : O.K !
¤ Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ | IFEO

¤¤¤¤¤¤¤¤¤¤ | Mountpoints2

Deleted : HKU\S-1-5-21-2690816733-2754768188-3044336698-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{7affc8cd-8148-11e2-86bf-806e6f6e6963} | AutoRun\command : D:\setup.exe
Contents of D:\Autorun.inf :
[autorun]
open=setup.exe
icon=img/cd.ico

¤¤¤¤¤¤¤¤¤¤ | Windows

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
Winsrv : OK !
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1

¤¤¤¤¤¤¤¤¤¤ | Security Center

¤¤¤¤¤¤¤¤¤¤ | Services Corrections

Repaired : [HKLM | Services\Compbatt] : 3 -> 0
Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\DnsCache] : 4 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\SharedAccess] : 4 -> 2
Repaired : [HKLM | Services\windefend] : 3 -> 2
Repaired : [HKLM | Services\wudfsvc] : 3 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Repaired : [HKU\S-1-5-21-2690816733-2754768188-3044336698-1000\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://go.microsoft.com/fwlink/?LinkId=69157 -> http://www.google.com/
Repaired : [HKU\S-1-5-21-2690816733-2754768188-3044336698-1000\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Repaired : [HKU\S-1-5-21-2690816733-2754768188-3044336698-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
¤ Repaired : [HKU\S-1-5-21-2690816733-2754768188-3044336698-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Cleaned

¤¤¤¤¤¤¤¤¤¤ | reparsepoint

¤¤¤¤¤¤¤¤¤¤ | Offsets detection

Possible Ramnit (bad offsets) : C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html : 6B566F6C756D65335C57696E646F77735C53797374656D33325C737663686F73742E6578653C2F74643E0D0D0A3C2F74723E0D0D0A3C2F7461626C653E3C7370
(the hex above decodes to the ASCII text `kVolume3\Windows\System32\svchost.exe</td>\r\r\n</tr>\r\r\n</table><sp`, i.e. a fragment of the energy report's own HTML table markup; the file itself is quarantined further down)

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry

Removed : C:\$Recycle.bin\S-1-5-21-2690816733-2754768188-3044336698-1000
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\ev_clear.bat
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\delfolders.bat
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\FWPolicy.bat
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\delorphans.bat
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\medfos.bat
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\TDL4.bat
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\modules.bat
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\ask.bat
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\prelim.bat
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\chrome.bat
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\runvalues.bat
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\firefox.bat
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\misc.bat
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\iexplore.bat
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\searchlnk.bat
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\get.bat
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\JRT.bat
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\is-RFTHV.tmp\innocallback.dll
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\is-RFTHV.tmp\itdownload.dll
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\70aeaca4-098f-4bcc-b0fa-e2544fb40678\CliSecureRT64.dll
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\{2DFCE302-C186-45A2-BB2B-BB3338DC2B2A}\ISRT.dll
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\{2DFCE302-C186-45A2-BB2B-BB3338DC2B2A}\_isres_0409.dll
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\{2DFCE302-C186-45A2-BB2B-BB3338DC2B2A}\MSSetupAddinDllForVista.dll
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\{2DFCE302-C186-45A2-BB2B-BB3338DC2B2A}\MSSetupAddinDll.dll
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\{2DFCE302-C186-45A2-BB2B-BB3338DC2B2A}\BrowseFolderDll.dll
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\{2DFCE302-C186-45A2-BB2B-BB3338DC2B2A}\KiesProgressDialog.dll
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\{2DFCE302-C186-45A2-BB2B-BB3338DC2B2A}\msvcr90.dll
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\{2DFCE302-C186-45A2-BB2B-BB3338DC2B2A}\msvcp90.dll
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\{2DFCE302-C186-45A2-BB2B-BB3338DC2B2A}\setup.exe
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\{2DFCE302-C186-45A2-BB2B-BB3338DC2B2A}\ISBEW64.exe
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\{2DFCE302-C186-45A2-BB2B-BB3338DC2B2A}\WriteDescExecuteFileName.exe
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\{2DFCE302-C186-45A2-BB2B-BB3338DC2B2A}\Execute2App.exe
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\{2DFCE302-C186-45A2-BB2B-BB3338DC2B2A}\Kies2RemoveAll.exe
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\{2DFCE302-C186-45A2-BB2B-BB3338DC2B2A}\Microsoft.VC90.CRT.manifest
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\datamngr_del.reg
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\appinit_null.reg
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\appinit64_null.reg
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\FF_open_x64.reg
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\CHR_open_x64.reg
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\IE_open_x64.reg
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\FF_open_x86.reg
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\CHR_open_x86.reg
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\IE_open_x86.reg
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\clean_shortcut.vbs
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\IconCache.db
Moved to quarantine successfully : C:\Users\jerome\Downloads\mseinstall.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\jdk-7u15-windows-x64.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\uTorrent.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\PeerBlock-Setup_v1.1_r518.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\Minecraft.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\Minecraft_Server.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\vlc-media-player_vlc_media_player_2.0.5_francais_10829.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\iTunes64Setup.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\install_virtualdj_home_v7.3.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\wrar420fr.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\SetupVirtualC​loneDrive5450.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\WindowsActivationUpdate.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\LeagueofLegends.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\IDoserFreeSetup-5.1.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\RealPlayer_fr.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\Silverlight_x64.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\Minecraft(1).exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\GTA_V_downloader(1).exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\HOSTS_Install_V2.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\LeagueofLegends_EUW_Installer_06_12_13.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\XET1001_V2.0.0.4_setup.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\327.23-desktop-win8-win7-winvista-64bit-international-whql.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\XET1001_V2.0.0.4_setup(1).exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\dotNetFx40_Client_setup.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\GPU-Z.0.7.3.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\SteelSeriesEngine_2.8.0059.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\TeamSpeak3-Client-win32-3.0.13.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\TIConnectV1.6_Fra.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\srs-samsung-unlock-Install.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\ccsetup406.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\EmsisoftAntiMalwareSetup.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\trjsetup688.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\adwcleaner.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\JRT.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\mbam-setup-1.75.0.1300.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\OTL.exe
Moved to quarantine successfully : C:\ProgramData\Microsoft\Windows\Power Efficiency Diagnostics\energy-report.html
Deleted : [HKU\S-1-5-21-2690816733-2754768188-3044336698-1000\Software\Microsoft\Windows\CurrentVersion\Run]|[WLAN Optimizer] : C:\Users\jerome\Desktop\wopt021\WLAN Optimizer.exe
Moved to quarantine successfully : C:\Users\jerome\Desktop\wopt021\WLAN Optimizer.exe
Deleted : [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]|[SPReview] : "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
Moved to quarantine successfully : |D| - C:\Users\jerome\AppData\Roaming\HOSTS Anti-Adwares
Moved to quarantine successfully : |D| - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
Moved to quarantine successfully : C:\Windows\assembly\tmp\
Moved to quarantine successfully : C:\Users\jerome\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
Prefetch -> Emptied
Suspect : C:\Users\jerome\AppData\Roaming\.minecraft\lastlogin
Suspect :
C:\ProgramData\SysDir\Settings.ic Suspect : C:\ProgramData\SysDir\Logs.ic Suspect : C:\ProgramData\Licenses\09AF235961F027E5D.Lic Suspect : C:\Users\jerome\AppData\Local\libimobiledevice\RootPrivateKey.pem Suspect : C:\Users\jerome\AppData\Local\libimobiledevice\HostPrivateKey.pem Suspect : C:\Users\jerome\AppData\Local\libimobiledevice\RootCertificate.pem Suspect : C:\Users\jerome\AppData\Local\libimobiledevice\HostCertificate.pem Suspect : C:\Users\jerome\AppData\Local\libimobiledevice\fcb296cca7804c0fb016239669707732365eee3d.pem Suspect : C:\Users\jerome\AppData\Local\libimobiledevice\libimobiledevicerc Suspect : C:\Users\jerome\AppData\Local\TeamSpeak 3 Client\usb.ids Suspect : C:\Windows\ctfile.rfc M:\ : Vaccinated (Vaccin created by Pre_Scan) ¤¤¤¤¤¤¤¤¤¤ | Hidden files ~ [Program Files] : Hidden : 3 | Restored : 3 ~ [Users] : Hidden : 2 | Restored : 2 ~ [Music] : Hidden : 2 | Restored : 2 ~ [Documents] : Hidden : 3 | Restored : 3 ~ [Searches] : Hidden : 2 | Restored : 2 ~ [Windows] : Hidden : 229 | Restored : 229 ~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1 ~ [AppData] : Hidden : 13 | Restored : 13 ¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s) Disk: 0 Size=477G Pos MBRndx Type/Name Size Active Hide Start Sector Sectors --- ------ ---------- ---- ------ ---- ------------ ------------ 0 0 DE-UNKNWN 39M No No 63 80,262 1 1 07-NTFS 100M Yes No 81,920 204,800 2 2 07-NTFS 477G No No 286,720 976,484,352 ¤¤¤¤¤¤¤¤¤¤ [HKLM64 | Winlogon]|[AutoRestartShell] : 1 End : 13:20:49 Standby Restored ! 
¤¤¤¤¤¤¤¤¤¤ | Attempt to restart stopped during the scan 13:03:09 : 4124 | C:\Windows\explorer.exe 13:03:09 : 3424 | C:\Windows\System32\rundll32.exe 13:03:09 : 1232 | C:\Windows\System32\WUDFHost.exe 13:03:10 : 2596 | C:\Windows\explorer.exe 13:03:10 : 3580 | C:\Windows\System32\rundll32.exe 13:03:10 : 2224 | C:\Windows\System32\WUDFHost.exe 13:03:10 : 1868 | C:\Windows\System32\rundll32.exe 13:03:10 : 4892 | C:\Windows\System32\WUDFHost.exe 13:03:10 : 3368 | C:\Windows\System32\rundll32.exe 13:03:10 : 1116 | C:\Windows\System32\WUDFHost.exe 13:03:10 : 1116 | C:\Windows\System32\WUDFHost.exe 13:03:10 : 1116 | C:\Windows\System32\WUDFHost.exe 13:03:10 : 1116 | C:\Windows\System32\WUDFHost.exe 13:03:11 : 1116 | C:\Windows\System32\WUDFHost.exe 13:03:11 : 1116 | C:\Windows\System32\WUDFHost.exe 13:03:11 : 1116 | C:\Windows\System32\WUDFHost.exe 13:03:11 : 1116 | C:\Windows\System32\WUDFHost.exe 13:03:11 : 1116 | C:\Windows\System32\WUDFHost.exe 13:03:11 : 1116 | C:\Windows\System32\WUDFHost.exe 13:03:11 : 1116 | C:\Windows\System32\WUDFHost.exe 13:03:11 : 3428 | C:\Windows\System32\WUDFHost.exe 13:03:13 : 5040 | C:\Windows\System32\WUDFHost.exe 13:03:13 : 2708 | C:\Windows\System32\rundll32.exe 13:03:13 : 1224 | C:\Windows\servicing\TrustedInstaller.exe 13:03:13 : 1224 | C:\Windows\servicing\TrustedInstaller.exe 13:03:13 : 1048 | C:\Windows\System32\WUDFHost.exe 13:03:13 : 1224 | C:\Windows\servicing\TrustedInstaller.exe 13:03:13 : 948 | C:\Windows\System32\rundll32.exe 13:03:13 : 1224 | C:\Windows\servicing\TrustedInstaller.exe 13:03:14 : 1224 | C:\Windows\servicing\TrustedInstaller.exe 13:03:14 : 1224 | C:\Windows\servicing\TrustedInstaller.exe 13:03:14 : 1224 | C:\Windows\servicing\TrustedInstaller.exe 13:03:22 : 412 | C:\Windows\system32\svchost.exe ¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 455
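Added example, not part of the Pre_Scan report or of the tool itself: a small Python parser for the action lines in this report format, run over constructed sample lines modelled on the entries above. It counts what was quarantined, deleted or only flagged as Suspect, groups quarantined targets by parent directory so that a whole-folder sweep stands out, and extracts the Run/RunOnce registry values the cleaner deleted, since each of those was an autostart that should be accounted for before the quarantine is purged. The line shapes (the "Moved to quarantine successfully : ", "Deleted : " and "Suspect : " prefixes, the "|D| - " directory marker and the "[key]|[value] : data" registry form) are inferred from the visible lines; the function and field names are my own.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Optional

# Line shapes inferred from the report (assumption, not Pre_Scan documentation):
#   Moved to quarantine successfully : <path>      ("|D| - " prefix or trailing \ marks a directory)
#   Deleted : [<hive\key>]|[<value name>] : <data> (registry value removed)
#   Suspect : <path>                               (flagged only, not moved)
ACTION_RE = re.compile(
    r'^(?P<action>Moved to quarantine successfully|Deleted|Suspect)\s*:\s*(?P<target>.+)$')
REG_RE = re.compile(r'^\[(?P<key>[^\]]+)\]\|\[(?P<value>[^\]]*)\]\s*:\s*(?P<data>.*)$')
DIR_MARKER = '|D| - '

# Constructed sample modelled on the report above (not a verbatim copy of it).
SAMPLE = r"""
Moved to quarantine successfully : C:\Users\jerome\Downloads\uTorrent.exe
Moved to quarantine successfully : C:\Users\jerome\Downloads\WindowsActivationUpdate.exe
Moved to quarantine successfully : C:\Users\jerome\AppData\Local\Temp\jrt\appinit_null.reg
Deleted : [HKU\S-1-5-21-2690816733-2754768188-3044336698-1000\Software\Microsoft\Windows\CurrentVersion\Run]|[WLAN Optimizer] : C:\Users\jerome\Desktop\wopt021\WLAN Optimizer.exe
Moved to quarantine successfully : |D| - C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
Moved to quarantine successfully : C:\Windows\assembly\tmp\
Suspect : C:\Users\jerome\AppData\Local\libimobiledevice\RootPrivateKey.pem
Deleted : [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]|[SPReview] : "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /build:7601
Prefetch -> Emptied
"""


@dataclass
class Entry:
    action: str                 # "Moved to quarantine successfully", "Deleted" or "Suspect"
    kind: str                   # "file", "dir" or "registry"
    target: str                 # filesystem path, or registry key joined with the value name
    data: Optional[str] = None  # registry data (the command line), registry entries only


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an action line, or None for headers, counters and blank lines."""
    m = ACTION_RE.match(line.strip())
    if not m:
        return None
    action, target = m['action'], m['target'].strip()
    r = REG_RE.match(target)
    if r:
        return Entry(action, 'registry', r['key'] + '\\' + r['value'], r['data'])
    if target.startswith(DIR_MARKER):
        return Entry(action, 'dir', target[len(DIR_MARKER):])
    if target.endswith('\\'):
        return Entry(action, 'dir', target.rstrip('\\'))
    return Entry(action, 'file', target)


def parse_log(text: str) -> list:
    """Parse every line of a report; non-action lines are skipped."""
    return [e for e in (parse_line(line) for line in text.splitlines()) if e]


def parent_dir(path: str, depth: int = 4) -> str:
    """First `depth` components of the target's parent directory (drive counts as one)."""
    parts = [p for p in path.split('\\') if p]
    return '\\'.join(parts[:-1][:depth])


def summarize(entries: list):
    """Count actions, and group quarantined filesystem targets by parent directory."""
    by_action = Counter(e.action for e in entries)
    quarantined_by_dir = defaultdict(list)
    for e in entries:
        if e.kind != 'registry' and e.action.startswith('Moved'):
            quarantined_by_dir[parent_dir(e.target)].append(e.target)
    return dict(by_action), dict(quarantined_by_dir)


def persistence_changes(entries: list) -> list:
    """Run/RunOnce values the cleaner deleted: each was an autostart to account for."""
    return [(e.target, e.data) for e in entries
            if e.kind == 'registry' and re.search(r'\\Run(Once)?\\[^\\]*$', e.target)]


if __name__ == '__main__':
    found = parse_log(SAMPLE)
    actions, by_dir = summarize(found)
    for action, n in actions.items():
        print(f'{n:3d}  {action}')
    for folder, targets in sorted(by_dir.items()):
        print(f'{folder}: {len(targets)} quarantined')
    for key, data in persistence_changes(found):
        print('autostart removed:', key, '->', data)
```

On the full report the Downloads group alone holds over forty installers, among them well-known packages such as the JDK, VLC, iTunes and the Microsoft Security Essentials installer, so that group should be reviewed before the quarantine is purged. The two registry deletions are the only persistence changes in the report; both are Run/RunOnce values, and the RunOnce one sits under the SYSTEM hive (S-1-5-18).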