¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 4.01.31.3 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 21:13:27
~ Update on 31/01/2014 | 15.30 by g3n-h@ckm@n
~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/
~ [François (Administrator)] - [KIMAHRI]
~ SID = S-1-5-21-1561733727-3290042885-41572468-1000
Boot mode : Normal
~ System : Windows 7 Home Premium (64 bits) HomePremium
~ ProcessorNameString : AMD Athlon(tm) II X4 635 Processor
~ Identifier : AMD64 Family 16 Model 5 Stepping 3
~ Memory RAM = Total (MB) : 4194 | Free (MB) : 3064
~ Pagefile = Total (MB) : 8385 | Free (MB) : 7089
~ Virtual = Total (MB) : 4194 | Free (MB) : 4031

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts
C:\Windows\Setup\Scripts\oobe.cmd
C:\Windows\Setup\Scripts\SetupComplete.cmd

¤¤¤¤¤¤¤¤¤¤¤ | Drives
c:\-> [Fixed] | [OS] | Total : 940930 Mo | Free : 580840 Mo -> NTFS
d:\-> [Fixed] | [HP_RECOVERY] | Total : 12830 Mo | Free : 1570 Mo -> NTFS

¤¤¤¤¤¤¤¤¤¤ | Windows Updates
No windows updates detected !!!
~ Service Pack 1 not installed !!!

¤¤¤¤¤¤¤¤¤¤ | Sessions
~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\François
Registry saved, to restore : C:\Pre_Scan\Save\Scan\ERDNT.exe
Standby deleted !

¤¤¤¤¤¤¤¤¤¤ | Browsers
IE : 8.0.7600.17267 (© Microsoft Corporation.)
GC : 32.0.1700.102 (Copyright 2012 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer
FlashPlayer ActiveX : 11.1.102.55

¤¤¤¤¤¤¤¤¤¤ | Security
AV : Trend Micro Titanium Internet Security Disabled
AS : Windows Defender Disabled
FW : WINDOWS Firewall

¤¤¤¤¤¤¤¤¤¤ | stopped Processes
968 | C:\Windows\system32\atiesrxx.exe (.AMD - AMD External Events Service Module.) - (6.14.11.1143) -> C:\Windows\system32\atiesrxx.exe
1308 | C:\Windows\system32\atieclxx.exe (.AMD - AMD External Events Client Module.) - (6.14.11.1143) -> atieclxx
1348 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7600.16962) -> C:\Windows\System32\spoolsv.exe
1596 | C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe (.Trend Micro Inc. - Trend Micro Client Session Agent Monitor.) - (2.5.0.1437) -> uiWatchDog.exe 1520
1748 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.6.5.0) -> "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
1768 | C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) -> "C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
1800 | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (.Apple Inc. - MobileDeviceService.) - (17.96.2.2) -> "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
1828 | C:\Program Files\Bonjour\mDNSResponder.exe (.Apple Inc. - Bonjour Service.) - (3.0.0.10) -> "C:\Program Files\Bonjour\mDNSResponder.exe"
1868 | C:\Windows\SysWOW64\ezSharedSvcHost.exe (.EasyBits Software AS - Shared EasyBits services for Windows.) - (5.0.0.101) -> C:\Windows\SysWOW64\ezSharedSvcHost.exe
1960 | C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (.LogMeIn, Inc. - LMIGuardianSvc.) - (10.1.0.1642) -> "C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe"
1988 | C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
1672 | C:\Windows\SysWOW64\PnkBstrA.exe (. - .) - (0.0.0.0) -> C:\Windows\SysWOW64\PnkBstrA.exe
2064 | C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (.Microsoft Corporation - Microsoft SeaPort Search Enhancement Broker.) - (3.1.158.0) -> "C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
2212 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4225.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
2300 | C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (.LogMeIn Inc. - Hamachi Client Tunneling Engine.) - (2.2.0.114) -> "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
2944 | C:\Windows\System32\WUDFHost.exe (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (6.2.9200.16384) -> "C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-706bb120-3e85-4a75-93e4-d72d574aa1db -SystemEventPortName:HostProcess-5c96c6db-d6b2-4974-8bba-e7dfcf070061 -IoCancelEventPortName:HostProcess-adff61c1-4311-4969-9099-b04ff09c9db9 -NonStateChangingEventPortName:HostProcess-2805d908-c48f-49bc-849a-e3cda8a1ac37 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:11611547-fc83-4074-b744-617762faa2e1 -DeviceGroupId:WpdFsGroup
164 | C:\Windows\system32\taskhost.exe (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7600.16385) -> "taskhost.exe"
2384 | C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
1260 | C:\Windows\Explorer.EXE (.Microsoft Corporation - Explorateur Windows.) - (6.1.7600.16768) -> C:\Windows\Explorer.EXE
892 | C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (.AMD - HydraDM.) - (4.0.64.0) -> "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
492 | C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) - (130.0.422.0) -> "C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe"
2356 | C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (.AMD - HydraDMH64.) - (4.0.1.0) -> HydraDM64.exe -h:131114 "Agrandir pour remplir le Bureau" "Agrandir à la fenêtre" "Restaurer le bureau"
3492 | C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (.Oracle Corporation - Java(TM) Update Scheduler.) - (2.1.9.8) -> "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
2504 | C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (2.0.0.0) -> "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
4172 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7600.16385) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe"
4208 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7600.16808) -> C:\Windows\system32\SearchIndexer.exe /Embedding
4772 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (.Hewlett-Packard Co. - HP CUE Status Root.) - (130.0.469.0) -> "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe" -CtxID "#Hewlett-Packard#HP Photosmart C4380 series#1338033942" -Startup
5044 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) - (130.0.80.0) -> "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe" -Embedding
3532 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (.Hewlett-Packard - GPCore COM object.) - (130.0.14.16) -> "C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe" -Embedding
6028 | C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (.ATI Technologies Inc. - Catalyst Control Center: Host application.) - (3.5.0.0) -> "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
6120 | C:\Windows\system32\wuauclt.exe (.Microsoft Corporation - Windows Update.) - (7.6.7600.256) -> "C:\Windows\system32\wuauclt.exe"
2276 | C:\Windows\servicing\TrustedInstaller.exe (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (6.1.7600.16385) -> C:\Windows\servicing\TrustedInstaller.exe
3316 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.102) -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
4052 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.102) -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3316.0.1752551577\1272499675" --disable-image-transport-surface --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,13,23 --gpu-vendor-id=1002 --gpu-device-id=6739 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=12.104.0.0 --ignored=" --type=renderer " /prefetch:822062411
3412 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.102) -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=fr --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/AutomaticProfileReset/Enabled4/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Default/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group7 pct:10g stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/OmniboxBundledExperimentV1/Standard/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-1-Percent/group_38/UMA-Uniformity-Trial-10-Percent/group_06/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --enable-software-compositing --channel="3316.2.127245233\1071130598" /prefetch:673131151

¤¤¤¤¤¤¤¤¤¤ | Running processes
[14/07/2009 00:36:49] - 568 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) -> wininit.exe [96256 Ko]
[31/01/2014 20:41:10] - 628 | C:\Windows\system32\services.exe (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7600.16385) -> C:\Windows\system32\services.exe [328704 Ko]
[14/07/2009 00:19:28] - 820 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch [20992 Ko]
[14/07/2009 00:19:28] - 900 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS [20992 Ko]
[14/07/2009 00:19:28] - 120 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 Ko]
[14/07/2009 00:19:28] - 396 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [20992 Ko]
[14/07/2009 00:19:28] - 516 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs [20992 Ko]
[14/07/2009 00:19:28] - 1080 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService [20992 Ko]
[14/07/2009 00:19:28] - 1164 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkService [20992 Ko]
[14/07/2009 00:19:28] - 1412 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [20992 Ko]
[14/07/2009 00:19:28] - 1604 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20992 Ko]
[14/07/2009 00:19:28] - 1928 | C:\Windows\SysWOW64\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt [20992 Ko]
[31/01/2014 13:25:20] - 2040 | C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [701512 Ko]
[14/07/2009 00:19:28] - 1116 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k HPZ12 [20992 Ko]
[14/07/2009 00:19:28] - 1492 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k HPZ12 [20992 Ko]
[14/07/2009 00:19:28] - 1884 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k regsvc [20992 Ko]
[14/07/2009 00:19:28] - 2976 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k HPService [20992 Ko]
[14/07/2009 00:19:28] - 1472 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [20992 Ko]
[14/07/2009 00:19:28] - 4916 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServicePeerNet [20992 Ko]
[14/07/2009 00:43:52] - 5196 | C:\Windows\system32\DllHost.exe (.Microsoft Corporation - COM Surrogate.) - (6.1.7600.16385) -> C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7} [7168 Ko]
[31/01/2014 20:12:09] - 4592 | C:\Users\François\Downloads\Pre_Scan.exe (. - Pre_Scan.) - (4.1.31.3) -> "C:\Users\François\Downloads\Pre_Scan.exe" [2713088 Ko]
[14/07/2009 00:30:40] - 3452 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7600.16385) -> C:\Windows\system32\wbem\wmiprvse.exe [254976 Ko]
[14/07/2009 00:41:43] - 3088 | C:\Windows\System32\rundll32.exe (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.1.7600.16385) -> C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding [44544 Ko]
[21/09/2010 14:49:00] - 3384 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4225.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [2286976 Ko]
[21/09/2010 14:49:00] - 1748 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4225.0) -> WLIDSvcM.exe 3384 [222592 Ko]
[14/07/2009 01:24:40] - 5608 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7600.16385) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1525248 Ko]
[02/07/2011 11:51:02] - 2288 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7600.16808) -> C:\Windows\system32\SearchIndexer.exe /Embedding [428032 Ko]
[21/12/2012 15:27:46] - 3360 | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (.Apple Inc. - MobileDeviceService.) - (17.96.2.2) -> "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [57008 Ko]
[14/07/2009 00:35:12] - 1596 | C:\Windows\servicing\TrustedInstaller.exe (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (6.1.7600.16385) -> C:\Windows\servicing\TrustedInstaller.exe [194048 Ko]
[15/12/2010 18:36:01] - 4544 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7600.16699) -> taskeng.exe {764A0C54-1193-48A0-A282-8F070570C0F3} [192000 Ko]

¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !

¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine : OK !
Changed : [HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0

¤¤¤¤¤¤¤¤¤¤ | Associations
¤

¤¤¤¤¤¤¤¤¤¤ | Registry

¤¤¤¤¤¤¤¤¤¤ | Taskmgr and Registry Access

¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair
Safeboot Keys are O.K
Alternate shell is OK !
¤ Safeboot Minimal Subkeys : O.K !
¤ Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ | IFEO

¤¤¤¤¤¤¤¤¤¤ | Mountpoints2

¤¤¤¤¤¤¤¤¤¤ | Windows
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
Winsrv : OK !
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0

¤¤¤¤¤¤¤¤¤¤ | Security Center

¤¤¤¤¤¤¤¤¤¤ | Services Corrections
Repaired : [HKLM | Services\Compbatt] : 3 -> 0
Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\Wlansvc] : 3 -> 2
Repaired : [HKLM | Services\windefend] : 3 -> 2
Repaired : [HKLM | Services\wudfsvc] : 3 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer
Browsers settings for Users : OK
Browsers settings for Machine : OK
¤ Hijack.Internet : OK

¤¤¤¤¤¤¤¤¤¤ | Hosts
C:\Windows\System32\Drivers\etc\hosts : Cleaned

¤¤¤¤¤¤¤¤¤¤ | reparsepoint

¤¤¤¤¤¤¤¤¤¤ | Offsets detection

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry
Removed : C:\$Recycle.bin\S-1-5-21-1561733727-3290042885-41572468-1000
Moved to quarantine successfully : C:\Users\François\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
Prefetch -> Emptied

¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)
Disk: 0 Size=954G
Pos MBRndx Type/Name  Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0   0      07-NTFS    100M Yes    No   2,048        204,800
1   1      07-NTFS    941G No     No   206,848      927,032,832
2   2      07-NTFS    13G  No     No   927,239,680  26,281,984

¤¤¤¤¤¤¤¤¤¤
[HKLM64 | Winlogon] | AutoRestartShell : 0 -> 1
End : 21:20:44
Standby Restored !
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤