¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 4.01.31.3 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 20:30:07
~ Update on 31/01/2014 | 15.30 by g3n-h@ckm@n
~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/
~ [François (Administrator)] - [KIMAHRI]
~ SID = S-1-5-21-1561733727-3290042885-41572468-1000
Boot mode : Normal
~ System : Windows 7 Home Premium (64 bits) HomePremium
~ ProcessorNameString : AMD Athlon(tm) II X4 635 Processor
~ Identifier : AMD64 Family 16 Model 5 Stepping 3
~ Memory RAM = Total (MB) : 4194 | Free (MB) : 3062
~ Pagefile = Total (MB) : 8385 | Free (MB) : 7130
~ Virtual = Total (MB) : 4194 | Free (MB) : 4032

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts
C:\Windows\Setup\Scripts\oobe.cmd
C:\Windows\Setup\Scripts\SetupComplete.cmd

¤¤¤¤¤¤¤¤¤¤¤ | Drives
c:\-> [Fixed] | [OS] | Total : 940930 Mo | Free : 581100 Mo -> NTFS
d:\-> [Fixed] | [HP_RECOVERY] | Total : 12830 Mo | Free : 1570 Mo -> NTFS

¤¤¤¤¤¤¤¤¤¤ | Windows Updates
No windows updates detected !!!
~ Service Pack 1 not installed !!!

¤¤¤¤¤¤¤¤¤¤ | Sessions
~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\François

Registry saved, to restore : C:\Pre_Scan\Save\Scan\ERDNT.exe
Standby deleted !

¤¤¤¤¤¤¤¤¤¤ | Browsers
IE : 8.0.7600.17267 (© Microsoft Corporation.)
GC : 32.0.1700.102 (Copyright 2012 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer
FlashPlayer ActiveX : 11.1.102.55

¤¤¤¤¤¤¤¤¤¤ | Security
AV : Trend Micro Titanium Internet Security Disabled
AS : Windows Defender Disabled
FW : WINDOWS Firewall

¤¤¤¤¤¤¤¤¤¤ | stopped Processes
988 | C:\Windows\system32\atiesrxx.exe (.AMD - AMD External Events Service Module.) - (6.14.11.1143) -> C:\Windows\system32\atiesrxx.exe
420 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
1152 | C:\Windows\system32\atieclxx.exe (.AMD - AMD External Events Client Module.) - (6.14.11.1143) -> atieclxx
1464 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7600.16962) -> C:\Windows\System32\spoolsv.exe
1664 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.6.5.0) -> "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
1680 | C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) - (2.5.0.1437) -> uiWatchDog.exe 1588
1808 | C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) -> "C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
1840 | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (.Apple Inc. - MobileDeviceService.) - (17.96.2.2) -> "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
1868 | C:\Program Files\Bonjour\mDNSResponder.exe (.Apple Inc. - Bonjour Service.) - (3.0.0.10) -> "C:\Program Files\Bonjour\mDNSResponder.exe"
1908 | C:\Windows\SysWOW64\ezSharedSvcHost.exe (.EasyBits Software AS - Shared EasyBits services for Windows.) - (5.0.0.101) -> C:\Windows\SysWOW64\ezSharedSvcHost.exe
1992 | C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (.LogMeIn, Inc. - LMIGuardianSvc.) - (10.1.0.1642) -> "C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe"
1732 | C:\Windows\SysWOW64\PnkBstrA.exe (. - .) - (0.0.0.0) -> C:\Windows\SysWOW64\PnkBstrA.exe
2052 | C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (.Microsoft Corporation - Microsoft SeaPort Search Enhancement Broker.) - (3.1.158.0) -> "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
2196 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4225.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
2260 | C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (.LogMeIn Inc. - Hamachi Client Tunneling Engine.) - (2.2.0.114) -> "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
2288 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4225.0) -> WLIDSvcM.exe 2196
3032 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7600.16385) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe"
2572 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7600.16808) -> C:\Windows\system32\SearchIndexer.exe /Embedding
3280 | C:\Windows\system32\taskhost.exe (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7600.16385) -> "taskhost.exe"
2952 | C:\Windows\Explorer.EXE (.Microsoft Corporation - Explorateur Windows.) - (6.1.7600.16768) -> C:\Windows\Explorer.EXE
3312 | C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
2968 | C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
3260 | C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (.AMD - HydraDM.) - (4.0.64.0) -> "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
1472 | C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) - (130.0.422.0) -> "C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe"
4316 | C:\Program Files (x86)\iTunes\iTunesHelper.exe (.Apple Inc. - iTunesHelper.) - (11.0.5.5) -> "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
4332 | C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (.AMD - HydraDMH64.) - (4.0.1.0) -> HydraDM64.exe -h:196678 "Agrandir pour remplir le Bureau" "Agrandir à la fenêtre" "Restaurer le bureau"
4368 | C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (2.0.0.0) -> "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
4472 | C:\Windows\system32\wuauclt.exe (.Microsoft Corporation - Windows Update.) - (7.6.7600.256) -> "C:\Windows\system32\wuauclt.exe"
5072 | C:\Program Files\iPod\bin\iPodService.exe (.Apple Inc. - iPodService Module (64-bit).) - (11.0.5.5) -> "C:\Program Files\iPod\bin\iPodService.exe"
5848 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (.Hewlett-Packard Co. - HP CUE Status Root.) - (130.0.469.0) -> "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Photosmart C4380 series#1338033942" -Startup
5916 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) - (130.0.80.0) -> "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
5960 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (.Hewlett-Packard - GPCore COM object.) - (130.0.14.16) -> "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
6032 | C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (.ATI Technologies Inc. - Catalyst Control Center: Host application.) - (3.5.0.0) -> "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
4080 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.102) -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
5804 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.102) -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4080.0.1921379999\831548366" --disable-image-transport-surface --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,13,23 --gpu-vendor-id=1002 --gpu-device-id=6739 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=12.104.0.0 --ignored=" --type=renderer " /prefetch:822062411
5372 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.102) -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4080.3.322506015\81143799" --ppapi-flash-args --lang=fr --ignored=" --type=renderer " /prefetch:-632637702
3296 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.102) -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=fr --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Enabled4/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group7 pct:10g stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_38/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4080.4.2084202813\112533701" /prefetch:673131151
2920 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.102) -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=fr --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Enabled4/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group7 pct:10g stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_10/UMA-Uniformity-Trial-1-Percent/group_38/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="4080.12.1966861525\769339404" /prefetch:673131151
5716 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7600.16699) -> taskeng.exe {64A739A6-6774-45B8-A513-4F3506EA0164}

¤¤¤¤¤¤¤¤¤¤ | Running processes
[14/07/2009 00:36:49] - 604 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) -> wininit.exe [96256 Ko]
[14/07/2009 00:19:28] - 816 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch [20992 Ko]
[14/07/2009 00:19:28] - 896 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS [20992 Ko]
[14/07/2009 00:19:28] - 128 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 Ko]
[14/07/2009 00:19:28] - 528 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs [20992 Ko]
[14/07/2009 00:19:28] - 1084 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService [20992 Ko]
[14/07/2009 00:19:28] - 1236 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkService [20992 Ko]
[14/07/2009 00:19:28] - 1504 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [20992 Ko]
[14/07/2009 00:19:28] - 1636 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20992 Ko]
[14/07/2009 00:19:28] - 1968 | C:\Windows\SysWOW64\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt [20992 Ko]
[14/07/2009 00:19:28] - 1132 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k HPZ12 [20992 Ko]
[14/07/2009 00:19:28] - 716 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k HPZ12 [20992 Ko]
[14/07/2009 00:19:28] - 1244 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k regsvc [20992 Ko]
[14/07/2009 00:19:28] - 2972 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k HPService [20992 Ko]
[14/07/2009 00:19:28] - 2436 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [20992 Ko]
[31/01/2014 13:25:20] - 4028 | C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [701512 Ko]
[14/07/2009 00:19:28] - 4884 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServicePeerNet [20992 Ko]
[31/01/2014 20:12:09] - 4224 | C:\Users\François\Downloads\Pre_Scan.exe (. - Pre_Scan.) - (4.1.31.3) -> "C:\Users\François\Downloads\Pre_Scan.exe" [2713088 Ko]
[14/07/2009 00:30:40] - 3816 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7600.16385) -> C:\Windows\system32\wbem\wmiprvse.exe [254976 Ko]
[14/07/2009 00:19:28] - 4548 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [20992 Ko]
[14/07/2009 00:41:43] - 2504 | C:\Windows\System32\rundll32.exe (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.1.7600.16385) -> C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding [44544 Ko]
[21/09/2010 14:49:00] - 5728 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4225.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [2286976 Ko]
[21/09/2010 14:49:00] - 4128 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4225.0) -> WLIDSvcM.exe 5728 [222592 Ko]
[14/07/2009 01:24:40] - 4480 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7600.16385) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1525248 Ko]
[02/07/2011 11:51:02] - 1320 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7600.16808) -> C:\Windows\system32\SearchIndexer.exe /Embedding [428032 Ko]
[21/12/2012 15:27:46] - 3912 | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (.Apple Inc. - MobileDeviceService.) - (17.96.2.2) -> "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [57008 Ko]

¤¤¤¤¤¤¤¤¤¤ | Winlogon User
OK !

¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine
Changed : [HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0
Repaired : [HKLM | Winlogon]|[userinit] : C:\Windows\system32\userinit.exe, -> C:\Windows\SysWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ | Associations
Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe -> C:\Windows\Explorer.exe
¤ Repaired : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files (x86)\Internet Explorer\iexplore.exe -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

¤¤¤¤¤¤¤¤¤¤ | Registry
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [HKLM64\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKLM64\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [HKLM64\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM64\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [HKLM64\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Repaired : [HKLM64\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoActiveDesktop] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoActiveDesktopChanges] : 1 -> 0
Repaired : [HKU\S-1-5-21-1561733727-3290042885-41572468-1000\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 1 -> 0
Repaired : [HKU\S-1-5-21-1561733727-3290042885-41572468-1000\software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel]|[AllItemsIconView] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Taskmgr and Registry Access

¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair
Safeboot Keys are O.K
Alternate shell is OK !
¤ Safeboot Minimal Subkeys : O.K !
¤ Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ | IFEO

¤¤¤¤¤¤¤¤¤¤ | Mountpoints2
Deleted : HKU\S-1-5-21-1561733727-3290042885-41572468-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{6527fa51-5b8a-11e0-b0d8-7071bc226719} | AutoRun\command : H:\LaunchU3.exe -a

¤¤¤¤¤¤¤¤¤¤ | Windows
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
Winsrv : OK !
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0

¤¤¤¤¤¤¤¤¤¤ | Security Center
Repaired : [HKLM64\Software\Microsoft\Security Center]|[AutoUpdateDisableNotify] : 1 -> 0

¤¤¤¤¤¤¤¤¤¤ | Services Corrections
Repaired : [HKLM | Services\Compbatt] : 3 -> 0
Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\Wlansvc] : 3 -> 2
Repaired : [HKLM | Services\windefend] : 3 -> 2
Repaired : [HKLM | Services\wudfsvc] : 3 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer
Repaired : [HKU\S-1-5-21-1561733727-3290042885-41572468-1000\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : Preserve -> http://www.google.com/
Repaired : [HKU\S-1-5-21-1561733727-3290042885-41572468-1000\Software\Microsoft\Internet Explorer\Main]|[Start Page] : about:blank -> http://www.google.com/
Repaired : [HKU\S-1-5-21-1561733727-3290042885-41572468-1000\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Repaired : [HKU\S-1-5-21-1561733727-3290042885-41572468-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : about:blank -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM64\Software\Microsoft\Internet Explorer\Main]|[Start Page] : about:blank -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Local Page] : %SystemRoot%\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Repaired : [HKLM64\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\System32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Repaired : [HKLM\Software\Microsoft\Internet Explorer\AboutURLs]|[Tabs] : http://www.google.fr -> res://ieframe.dll/tabswelcome.htm
¤ Repaired : [HKU\S-1-5-21-1561733727-3290042885-41572468-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts
C:\Windows\System32\Drivers\etc\hosts : Cleaned

¤¤¤¤¤¤¤¤¤¤ | reparsepoint

¤¤¤¤¤¤¤¤¤¤ | Offsets detection

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry
Zaccess
Moved to quarantine successfully : C:\Users\François\AppData\Local\Google\Desktop\Install
Removed : C:\$Recycle.bin\S-1-5-21-1122686118-2674280528-676892855-500
Removed : C:\$Recycle.bin\S-1-5-21-1561733727-3290042885-41572468-500
Removed : C:\$Recycle.bin\S-1-5-20
Removed : C:\$Recycle.bin\S-1-5-18
Removed : C:\$Recycle.bin\S-1-5-21-1561733727-3290042885-41572468-1000
Deleted : HKU\S-1-5-21-1561733727-3290042885-41572468-1000\Software\A08F8D054440921EA99C506831004251
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : QuickTime Task
Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : iTunesHelper
Moved to quarantine successfully : C:\install.exe
Moved to quarantine successfully : C:\TIS3264FR2010.exe
Moved to quarantine successfully : C:\install.res.1028.dll
Moved to quarantine successfully : C:\install.res.1031.dll
Moved to quarantine successfully : C:\install.res.1033.dll
Moved to quarantine successfully : C:\install.res.1036.dll
Moved to quarantine successfully : C:\install.res.1040.dll
Moved to quarantine successfully : C:\install.res.1041.dll
Moved to quarantine successfully : C:\install.res.1042.dll
Moved to quarantine successfully : C:\install.res.2052.dll
Moved to quarantine successfully : C:\install.res.3082.dll
Moved to quarantine successfully : C:\Windows\assembly\tmp\
Moved to quarantine successfully : C:\Users\François\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
Moved to quarantine successfully : C:\Users\François\AppData\LocalLow\Sun\Java\Deployment\cache\security
Prefetch -> Emptied
Will disinfect at reboot : C:\Windows\System32\services.exe - Restored from : C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)
Disk: 0 Size=954G
Pos MBRndx Type/Name  Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0   0      07-NTFS    100M Yes    No   2,048        204,800
1   1      07-NTFS    941G No     No   206,848      927,032,832
2   2      07-NTFS    13G  No     No   927,239,680  26,281,984

¤¤¤¤¤¤¤¤¤¤
[HKLM64 | Winlogon] | AutoRestartShell : 0 -> 1
End : 20:41:10
Standby Restored !
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤