¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 4.01.06.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 23:08:04
~ Update on 06/01/2014 | 13.30 by g3n-h@ckm@n
~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/
~ [ordinateur (Administrator)] - [ORDINATEUR-PC]
~ SID = S-1-5-21-3298741098-1582706896-1892966776-1000
~ System : Windows 7 Starter (32 bits) Starter Service Pack 1
~ ProcessorNameString : Intel(R) Atom(TM) CPU N280 @ 1.66GHz
~ Identifier : x86 Family 6 Model 28 Stepping 2
~ Memory RAM = Total (MB) : 1040 | Free (MB) : 448
~ Pagefile = Total (MB) : 2088 | Free (MB) : 1382
~ Virtual = Total (MB) : 2097 | Free (MB) : 1951

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts

¤¤¤¤¤¤¤¤¤¤ | Drives
c:\-> [Fixed] | [WIN7] | Total : 238470 Mo | Free : 209390 Mo -> NTFS

¤¤¤¤¤¤¤¤¤¤ | Windows Updates
Last(s) détection(s) : 2014-01-06 17:34:57
Last(s) download(s) : 2014-01-06 17:35:00
Last(s) installation(s) : 2014-01-06 07:29:39
Next search : 2014-01-07 11:53:09

¤¤¤¤¤¤¤¤¤¤ | Sessions
~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\ordinateur

New restorepoint created :
To restore the registry : C:\Pre_Scan\Save\Scan\ERDNT.exe
Standby deleted !

¤¤¤¤¤¤¤¤¤¤ | Browsers
IE : 11.0.9600.16428 (© Microsoft Corporation.)
FF : 26.0.0.5087 (©Firefox and Mozilla Developers; available under the MPL 2 license.)

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer
FlashPlayer ActiveX : 11.9.900.170
FlashPlayer Plugin : 11.9.900.170

¤¤¤¤¤¤¤¤¤¤ | Security
AV : Microsoft Security Essentials Enabled
AS : Microsoft Security Essentials Enabled
FW : WINDOWS Firewall

¤¤¤¤¤¤¤¤¤¤ | stopped Processes
1396 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe
1600 | C:\Windows\system32\taskhost.exe (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) -> "taskhost.exe"
1620 | C:\Windows\System32\AsusService.exe (. - .) - (0.0.0.0) -> C:\Windows\System32\AsusService.exe
1652 | C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (.Broadcom Corporation. - Bluetooth Support Server.) - (6.2.0.9600) -> "C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
1760 | C:\Windows\Explorer.EXE (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17567) -> C:\Windows\Explorer.EXE
1824 | C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe"
440 | C:\Program Files\Microsoft\BingBar\SeaPort.EXE (.Microsoft Corporation - Microsoft SeaPort Search Enhancement Broker.) - (3.1.161.0) -> "C:\Program Files\Microsoft\BingBar\SeaPort.EXE"
648 | C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
1960 | C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.400) -> "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
2040 | C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) - (13.2.6.1) -> "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
1836 | C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (.ASUSTeK Computer Inc. - Asus Eee PC Hotkey Service.) - (6.1.1.2029) -> "C:\PROGRAM FILES\EEEPC\HOTKEYSERVICE\HOTKEYSERVICE.EXE"
408 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
2360 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) -> WLIDSvcM.exe 408
2860 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding
2872 | C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (13.2.6.1) -> "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
2688 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe"
2188 | C:\Windows\system32\wuauclt.exe (.Microsoft Corporation - Windows Update.) - (7.6.7600.256) -> "C:\Windows\system32\wuauclt.exe"
2484 | C:\Program Files\Mozilla Firefox\firefox.exe (.Mozilla Corporation - Firefox.) - (26.0.0.5087) -> "C:\Program Files\Mozilla Firefox\firefox.exe"
2592 | C:\Program Files\Mozilla Firefox\plugin-container.exe (.Mozilla Corporation - Plugin Container for Firefox.) - (26.0.0.5087) -> "C:\Program Files\Mozilla Firefox\plugin-container.exe" --channel=2484.c1b5e00.1129632653 "C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll" -greomni "C:\Program Files\Mozilla Firefox\omni.ja" -appomni "C:\Program Files\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files\Mozilla Firefox\browser" 308046B0AF4A39CB 2484 "\\.\pipe\gecko-crash-server-pipe.2484" plugin
2716 | C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) - (11.9.900.170) -> "C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe" --proxy-stub-channel=Flash2592.64ABB990.18184 --host-broker-channel=Flash2592.64ABB990.14675 --host-pid=2592 --host-npapi-version=27 --plugin-path="C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll"
3656 | C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe (.Adobe Systems, Inc. - Adobe Flash Player 11.9 r900.) - (11.9.900.170) -> "C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe" --channel=2716.0029F5B4.592116285 --proxy-stub-channel=Flash2592.64ABB990.18184 --plugin-path="C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll" --host-npapi-version=27 --type=renderer
948 | C:\Windows\system32\SearchProtocolHost.exe (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
1112 | C:\Windows\system32\SearchFilterHost.exe (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchFilterHost.exe" 0 504 508 516 65536 512
2356 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) -> taskeng.exe {F9852E03-E438-4897-A687-FEFF972A41EC}
1592 | c:\Program Files\Microsoft Security Client\MpCmdRun.exe (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.4.304.0) -> "c:\Program Files\Microsoft Security Client\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 0F35119F-929E-DFFD-DC64-A484B01A5B0F -Reinvoke
Boot : Normal

¤¤¤¤¤¤¤¤¤¤ | Running processes
[17/04/2013 17:42:56] - 268 | C:\Windows\System32\smss.exe (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.18113) -> \SystemRoot\System32\smss.exe [69632 Ko]
[14/07/2009 00:11:09] - 392 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [6144 Ko]
[14/07/2009 00:11:09] - 444 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [6144 Ko]
[14/07/2009 00:36:49] - 452 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) -> wininit.exe [96256 Ko]
[14/07/2009 00:11:26] - 504 | C:\Windows\system32\services.exe (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7600.16385) -> C:\Windows\system32\services.exe [259072 Ko]
[06/07/2011 17:18:12] - 536 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.17514) -> winlogon.exe [286720 Ko]
[14/11/2013 20:36:17] - 564 | C:\Windows\system32\lsass.exe (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.18270) -> C:\Windows\system32\lsass.exe [22016 Ko]
[06/07/2011 17:18:08] - 572 | C:\Windows\system32\lsm.exe (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) -> C:\Windows\system32\lsm.exe [267776 Ko]
[14/07/2009 00:19:28] - 664 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch [20992 Ko]
[14/07/2009 00:19:28] - 744 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS [20992 Ko]
[23/10/2013 15:01:10] - 808 | c:\Program Files\Microsoft Security Client\MsMpEng.exe (.Microsoft Corporation - Antimalware Service Executable.) - (4.4.304.0) -> "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [22208 Ko]
[14/07/2009 00:19:28] - 928 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 Ko]
[14/07/2009 00:19:28] - 960 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [20992 Ko]
[14/07/2009 00:19:28] - 996 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService [20992 Ko]
[14/07/2009 00:19:28] - 1024 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs [20992 Ko]
[14/07/2009 00:19:28] - 1228 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkService [20992 Ko]
[14/07/2009 00:19:28] - 1448 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [20992 Ko]
[14/07/2009 00:24:23] - 1732 | C:\Windows\system32\Dwm.exe (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) -> "C:\Windows\system32\Dwm.exe" [92672 Ko]
[04/01/2014 19:06:30] - 1912 | C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [701512 Ko]
[14/07/2009 00:19:28] - 1632 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k imgsvc [20992 Ko]
[14/07/2009 00:19:28] - 2544 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [20992 Ko]
[06/07/2011 17:18:07] - 2924 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\Windows\system32\wbem\wmiprvse.exe [257536 Ko]
[14/07/2009 00:19:28] - 328 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20992 Ko]
[14/07/2009 00:19:28] - 4080 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k SDRSVC [20992 Ko]
[23/10/2013 15:01:10] - 1244 | c:\Program Files\Microsoft Security Client\NisSrv.exe (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.4.304.0) -> "c:\Program Files\Microsoft Security Client\NisSrv.exe" [280288 Ko]
[06/01/2014 22:55:25] - 888 | C:\Users\ordinateur\Downloads\Pre_Scan.exe (. - Pre_Scan.) - (4.1.6.1) -> "C:\Users\ordinateur\Downloads\Pre_Scan.exe" [2697728 Ko]
[06/07/2011 17:18:07] - 2648 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\Windows\system32\wbem\wmiprvse.exe [257536 Ko]
[28/03/2011 19:31:14] - 3252 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [1713536 Ko]
[28/03/2011 19:31:16] - 3888 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) -> WLIDSvcM.exe 3252 [193920 Ko]
[06/07/2011 17:18:18] - 1740 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1121792 Ko]
[29/06/2011 17:53:13] - 3416 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding [427520 Ko]
[02/07/2009 03:03:12] - 1988 | C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (.Broadcom Corporation. - Bluetooth Support Server.) - (6.2.0.9600) -> "C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe" [582944 Ko]
[15/08/2012 09:42:00] - 1600 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe [317440 Ko]

¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !

¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine : OK !
Changed : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0

¤¤¤¤¤¤¤¤¤¤ | Associations
Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe -> C:\Windows\Explorer.exe
¤
Repaired : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"

¤¤¤¤¤¤¤¤¤¤ | Registry
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Repaired : [HKU\S-1-5-21-3298741098-1582706896-1892966776-1000\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0

¤¤¤¤¤¤¤¤¤¤ | Taskmgr and Registry Access

¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair
Safeboot Keys are O.K
Alternate shell is OK !
¤
Safeboot Minimal Subkeys : O.K !
¤
Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ | IFEO

¤¤¤¤¤¤¤¤¤¤ | Mountpoints2
Deleted : HKU\S-1-5-21-3298741098-1582706896-1892966776-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\D | AutoRun\command : D:\AutoLcd209x.exe

¤¤¤¤¤¤¤¤¤¤ | Windows
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
Winsrv : OK !
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0

¤¤¤¤¤¤¤¤¤¤ | Security Center

¤¤¤¤¤¤¤¤¤¤ | Services Corrections
Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\SharedAccess] : 3 -> 2
Repaired : [HKLM | Services\windefend] : 3 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer
Repaired : [HKU\S-1-5-21-3298741098-1582706896-1892966776-1000\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : Preserve -> http://www.google.com/
Repaired : [HKU\S-1-5-21-3298741098-1582706896-1892966776-1000\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://www.google.com/
Repaired : [HKU\S-1-5-21-3298741098-1582706896-1892966776-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Search_URL] : http://www.google.com -> http://go.microsoft.com/fwlink/?LinkId=54896
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://www.google.com -> http://go.microsoft.com/fwlink/?LinkId=54896
¤
Repaired : [HKU\S-1-5-21-3298741098-1582706896-1892966776-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts
C:\Windows\System32\Drivers\etc\hosts : Cleaned

¤¤¤¤¤¤¤¤¤¤ | reparsepoint

¤¤¤¤¤¤¤¤¤¤ | Offsets detection

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry
Removed : C:\$Recycle.bin\S-1-5-21-3298741098-1582706896-1892966776-500
Removed : C:\$Recycle.bin\S-1-5-21-3298741098-1582706896-1892966776-1000
Moved to quarantine successfully : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat.com.lnk
Moved to quarantine successfully : C:\Users\Public\Desktop\Acrobat.com.lnk
Moved to quarantine successfully : C:\Users\ordinateur\AppData\Local\microsoft\windows\WebCacheLock.dat
Moved to quarantine successfully : C:\Windows\assembly\tmp\
Moved to quarantine successfully : C:\Users\ordinateur\AppData\LocalLow\Sun\Java\Deployment\cache\
Prefetch -> Emptied

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive C:] : Hidden : 1 | Restored : 1
~ [Program Files] : Hidden : 2 | Restored : 2
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 4 | Restored : 4
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 92 | Restored : 92
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [Libraries] : Hidden : 59 | Restored : 59

¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)
Disk: 0 Size=238G
Pos MBRndx Type/Name  Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0   0      07-NTFS    238G Yes    No   63           488,392,002

¤¤¤¤¤¤¤¤¤¤ [HKLM | Winlogon] | AutoRestartShell : 0 -> 1
End : 23:28:41
Standby Restored !
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤