¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 3.0918 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 18:46:09
~ Update on 18/09/2013 | 08.15 by g3n-h@ckm@n
~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/

~ [DIARRACALEB (Administrator)] - [CAMARA-PC]
~ SID = S-1-5-21-3468152146-3361463936-1078191254-1000
~ System : Windows 7 Professional (32 bits) Professional Service Pack 1
~ TotalValidations : 4
~ ProcessorNameString : Intel(R) Pentium(R) CPU B940 @ 2.00GHz
~ Identifier : x86 Family 6 Model 42 Stepping 7
~ Memory RAM = Total (MB) : 3582 | Free (MB) : 2754
~ Pagefile = Total (MB) : 7162 | Free (MB) : 6364
~ Virtual = Total (MB) : 2097 | Free (MB) : 1981

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts

¤¤¤¤¤¤¤¤¤¤ | Drives

c:\-> [Fixed] | [] | Total : 100000 Mo | Free : 61030 Mo -> NTFS
d:\-> [Fixed] | [] | Total : 376930 Mo | Free : 150400 Mo -> NTFS

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

Last(s) détection(s) : 2013-09-24 15:48:24
Last(s) download(s) : 2013-09-24 16:18:06
Last(s) installation(s) : 2013-09-24 16:18:47
Next search : 2013-09-25 12:46:39

¤¤¤¤¤¤¤¤¤¤ | services

WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ | Sessions

~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\DIARRACALEB
~ C:\Users\DefaultAppPool

New restorepoint created
Standby deleted !

¤¤¤¤¤¤¤¤¤¤ | stopped Processes

1396 | C:\Windows\system32\WLANExt.exe (.Microsoft Corporation - Infrastructure d’extensibilité pour les services réseau Windows sans fil 802.11.) - (6.1.7600.16385) -> C:\Windows\system32\WLANExt.exe 3021256
1724 | C:\Windows\Explorer.EXE (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17567) -> C:\Windows\Explorer.EXE
1776 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe
1824 | C:\Windows\system32\taskhost.exe (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) -> "taskhost.exe"
244 | C:\Windows\System32\igfxtray.exe (.Intel Corporation - igfxTray Module.) - (8.15.10.2353) -> "C:\Windows\System32\igfxtray.exe"
332 | C:\Windows\System32\hkcmd.exe (.Intel Corporation - hkcmd Module.) - (8.15.10.2353) -> "C:\Windows\System32\hkcmd.exe"
352 | C:\Windows\System32\igfxpers.exe (.Intel Corporation - persistence Module.) - (8.15.10.2353) -> "C:\Windows\System32\igfxpers.exe"
356 | C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (.Adobe Systems Inc. - AcroTray.) - (8.0.137.0) -> "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe"
476 | C:\Program Files\Bonjour\mDNSResponder.exe (.Apple Computer, Inc. - Bonjour Service.) - (1.0.3.1) -> "C:\Program Files\Bonjour\mDNSResponder.exe"
1324 | C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (.Nero AG - Nero Home.) - (2.0.16.0) -> "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
1428 | C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (.Hewlett-Packard Company - .) - (1.10.13.1) -> "C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
1640 | C:\Program Files\Windows Sidebar\sidebar.exe (.Microsoft Corporation - Gadgets du Bureau Windows.) - (6.1.7601.17514) -> "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
2068 | C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE (.Microsoft Corporation - Microsoft Encarta Dictionaries.) - (16.0.4321.1117) -> "C:\Program Files\Microsoft Etudes\Microsoft Encarta 2008 - Études DVD\EDICT.EXE" -m
2244 | D:\Program Files\Freemake\CaptureLib\CaptureLibService.exe (.Ellora Assets Corp. - CaptureLibService.) - (1.0.0.0) -> "D:\Program Files\Freemake\CaptureLib\CaptureLibService.exe"
2336 | D:\Program Files\SuperCopier2\SuperCopier2.exe (.SFX TEAM - SuperCopier 2 (explorer file copy replacement).) - (2.2.0.650) -> "D:\Program Files\SuperCopier2\SuperCopier2.exe"
2448 | C:\Program Files\Common Files\LightScribe\LSSrvc.exe (.Hewlett-Packard Company - LightScribe Service.) - (1.10.13.1) -> "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
2592 | C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (.Microsoft Corporation - SMSvcHost.exe.) - (3.0.4506.5420) -> "C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe"
2680 | C:\Windows\System32\tcpsvcs.exe (.Microsoft Corporation - TCP/IP Services Application.) - (6.1.7600.16385) -> C:\Windows\System32\tcpsvcs.exe
2824 | C:\Windows\System32\system\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows .) - (1.0.0.1) -> C:\Windows\System32\system\svchost.exe msg
3152 | C:\security\svchost.exe (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) - (5.8.7600.16385) -> "C:\security\svchost.exe" /e:VBScript.Encode "C:\security\blood.dat
3436 | C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (.Macrovision Europe Ltd. - Activation Licensing Service.) - (11.3.5.1) -> "C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
3536 | C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (.Nero AG - Nero Home.) - (2.0.16.0) -> "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe"
3748 | C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (.Nero AG - Nero Home.) - (2.0.16.0) -> "C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe" -Embedding
4052 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding
996 | C:\Program Files\Mozilla Firefox\firefox.exe (.Mozilla Corporation - Firefox.) - (23.0.1.4974) -> "C:\Program Files\Mozilla Firefox\firefox.exe"
4204 | C:\Program Files\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (29.0.1547.76) -> "C:\Program Files\Google\Chrome\Application\chrome.exe"
5260 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe"
5252 | C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (.Realsil Microelectronics Inc. - Realtek Card Reader Patch Tool..) - (1.5.3.1) -> "C:\Program Files\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe"
4780 | C:\Windows\system32\notepad.exe (.Microsoft Corporation - Bloc-notes.) - (6.1.7600.16385) -> "C:\Windows\system32\notepad.exe"
3412 | C:\Windows\system32\SearchProtocolHost.exe (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe11_ Global\UsGthrCtrlFltPipeMssGthrPipe11 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"

¤¤¤¤¤¤¤¤¤¤ | Running processes

Boot : Normal

[16/05/2013 09:57:53] - 316 | C:\Windows\System32\smss.exe (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.18113) -> \SystemRoot\System32\smss.exe [69632 Ko]
[13/07/2009 23:11:09] - 408 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [6144 Ko]
[13/07/2009 23:36:49] - 484 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) -> wininit.exe [96256 Ko]
[13/07/2009 23:11:09] - 496 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [6144 Ko]
[13/07/2009 23:11:26] - 532 | C:\Windows\system32\services.exe (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7600.16385) -> C:\Windows\system32\services.exe [259072 Ko]
[11/09/2012 17:39:30] - 556 | C:\Windows\system32\lsass.exe (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.17725) -> C:\Windows\system32\lsass.exe [22528 Ko]
[08/11/2012 20:36:02] - 564 | C:\Windows\system32\lsm.exe (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) -> C:\Windows\system32\lsm.exe [267776 Ko]
[08/11/2012 20:36:05] - 700 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.17514) -> winlogon.exe /w,e [286720 Ko]
[13/07/2009 23:19:28] - 728 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch [20992 Ko]
[13/07/2009 23:19:28] - 816 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS [20992 Ko]
[13/07/2009 23:19:28] - 880 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 Ko]
[13/07/2009 23:19:28] - 956 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [20992 Ko]
[13/07/2009 23:19:28] - 1004 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService [20992 Ko]
[13/07/2009 23:19:28] - 1032 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs [20992 Ko]
[13/07/2009 23:19:28] - 1152 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k GPSvcGroup [20992 Ko]
[13/07/2009 23:19:28] - 1300 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkService [20992 Ko]
[13/07/2009 23:19:28] - 1508 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [20992 Ko]
[12/09/2013 18:45:32] - 1536 | C:\Program Files\AVAST Software\Avast\AvastSvc.exe (.AVAST Software - avast! Service.) - (8.0.1497.376) -> "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [46808 Ko]
[13/07/2009 23:24:23] - 1688 | C:\Windows\system32\Dwm.exe (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) -> "C:\Windows\system32\Dwm.exe" [92672 Ko]
[12/09/2013 18:45:32] - 2040 | C:\Program Files\AVAST Software\Avast\AvastUI.exe (.AVAST Software - avast! Antivirus.) - (8.0.1497.376) -> "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui [4858968 Ko]
[13/07/2009 23:19:28] - 400 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k apphost [20992 Ko]
[13/07/2009 23:19:28] - 2408 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k ftpsvc [20992 Ko]
[13/07/2009 23:19:28] - 2548 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LPDService [20992 Ko]
[13/07/2009 23:19:28] - 2752 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k imgsvc [20992 Ko]
[13/07/2009 23:19:28] - 2872 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k iissvcs [20992 Ko]
[13/07/2009 23:19:28] - 3580 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [20992 Ko]
[13/07/2009 23:19:28] - 2476 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20992 Ko]
[13/07/2009 23:19:28] - 3928 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k secsvcs [20992 Ko]
[24/09/2013 18:38:43] - 1372 | C:\Users\DIARRACALEB\Downloads\winlogon.exe (. - g3n-h@ckm@n.) - (3.0.9.18) -> "C:\Users\DIARRACALEB\Downloads\winlogon.exe /w,e" [2570267 Ko]
[08/11/2012 20:36:01] - 2264 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\Windows\system32\wbem\wmiprvse.exe [257536 Ko]
[16/09/2013 13:48:34] - 3924 | C:\Pre_Scan\Process\Pre_Scan_Protect.exe (. - g3n-h@ckm@n.) - (3.0.9.16) -> "C:\Pre_Scan\Process\Pre_Scan_Protect.exe /p" [312669 Ko]

¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !

¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine : OK !

Changed : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0

¤¤¤¤¤¤¤¤¤¤ | Associations

Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe -> C:\Windows\Explorer.exe
¤
Repaired : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"
Repaired : [HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command] : "C:\Program Files\Google\Chrome\Application\chrome.exe" -> "C:\Users\DIARRACALEB\AppData\Local\Google\Chrome\Application\Chrome.exe"

¤¤¤¤¤¤¤¤¤¤ | Registry

Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Repaired : [HKU\S-1-5-21-3468152146-3361463936-1078191254-1000\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKU\S-1-5-21-3468152146-3361463936-1078191254-1000\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKU\S-1-5-21-3468152146-3361463936-1078191254-1000\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0
Repaired : [HKU\S-1-5-18\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0

¤¤¤¤¤¤¤¤¤¤ | Taskmgr and Registry Access

¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair

Safeboot Keys are O.K
Alternate shell is OK !
¤
Safeboot Minimal Subkeys : O.K !
¤
Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ | IFEO

¤¤¤¤¤¤¤¤¤¤ | Mountpoints2

Deleted : HKU\S-1-5-21-3468152146-3361463936-1078191254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{167f4975-ef98-11e2-b555-e06995c60c76} | AutoRun\command : F:\.\Setup.exe AUTORUN=1
Deleted : HKU\S-1-5-21-3468152146-3361463936-1078191254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{1af2a9e2-fbe9-11e1-ad77-c467840c9612} | AutoRun\command : G:\.\Setup.exe AUTORUN=1
Deleted : HKU\S-1-5-21-3468152146-3361463936-1078191254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{5b5128ae-fbe7-11e1-a494-8ab557e1b175} | AutoRun\command : G:\.\Setup.exe AUTORUN=1
Deleted : HKU\S-1-5-21-3468152146-3361463936-1078191254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{7869d5c6-d2a9-11e2-b495-e06995c60c76} | AutoRun\command : F:\AutoRun.exe
Deleted : HKU\S-1-5-21-3468152146-3361463936-1078191254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{9ecf136a-fdf4-11e1-91db-e06995c60c76} | AutoRun\command : G:\.\Setup.exe AUTORUN=1
Deleted : HKU\S-1-5-21-3468152146-3361463936-1078191254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{b480a894-0991-11e3-a6d9-e06995c60c76} | AutoRun\command : F:\AutoRun.exe
Deleted : HKU\S-1-5-21-3468152146-3361463936-1078191254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{cb60bc65-fc82-11e1-a996-e06995c60c76} | AutoRun\command : G:\AutoRun.exe
Deleted : HKU\S-1-5-21-3468152146-3361463936-1078191254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{cb60bc70-fc82-11e1-a996-e06995c60c76} | AutoRun\command : G:\AutoRun.exe
Deleted : HKU\S-1-5-21-3468152146-3361463936-1078191254-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{cb60bc8f-fc82-11e1-a996-e06995c60c76} | AutoRun\command : G:\AutoRun.exe

¤¤¤¤¤¤¤¤¤¤ | Windows

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
Winsrv : OK !
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[Programs] : com exe bat pif cmd

¤¤¤¤¤¤¤¤¤¤ | Security Center

¤¤¤¤¤¤¤¤¤¤ | Services Corrections

Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\SharedAccess] : 3 -> 2
Repaired : [HKLM | Services\wudfsvc] : 3 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2
Repaired : [HKLM | Services\Wwansvc] : 2 -> 3

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Repaired : [HKU\S-1-5-21-3468152146-3361463936-1078191254-1000\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : http://www.bing.com -> http://www.google.com/
Repaired : [HKU\S-1-5-21-3468152146-3361463936-1078191254-1000\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.bing.com -> http://www.google.com/
Repaired : [HKU\S-1-5-21-3468152146-3361463936-1078191254-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
¤
Repaired : [HKU\S-1-5-21-3468152146-3361463936-1078191254-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[ProxyOverride] : ;*.local -> *.local
Repaired : [HKU\S-1-5-21-3468152146-3361463936-1078191254-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Cleaned

¤¤¤¤¤¤¤¤¤¤ | reparsepoint

¤¤¤¤¤¤¤¤¤¤ | Offsets detection

Possible Mabezat (bad offsets) : C:\Program Files\Mozilla Firefox\mozalloc.dll : E4230000F82300007E26000068260000582600003E260000222600000E260000

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry