¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 4.01.21.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 14:25:21
~ Update on 21/01/2014 | 12.00 by g3n-h@ckm@n
~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/

~ [Djamila (Administrator)] - [DJAMILA-PC]
~ SID = S-1-5-21-4269272797-1195911858-739942901-1001
~ System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
~ ProcessorNameString : Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz
~ Identifier : Intel64 Family 6 Model 37 Stepping 2
~ Memory RAM = Total (MB) : 4119 | Free (MB) : 2632
~ Pagefile = Total (MB) : 8237 | Free (MB) : 6749
~ Virtual = Total (MB) : 4194 | Free (MB) : 4036

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts

C:\Windows\Setup\Scripts\OOBE.cmd

¤¤¤¤¤¤¤¤¤¤ | Drives

c:\ -> [Fixed] | [OS] | Total : 287820 MB | Free : 185720 MB -> NTFS
d:\ -> [Fixed] | [DATA] | Total : 305240 MB | Free : 46080 MB -> NTFS
e:\ -> [Fixed] | [RECOVERY] | Total : 17120 MB | Free : 2430 MB -> NTFS
f:\ -> [Fixed] | [HP_TOOLS] | Total : 100 MB | Free : 100 MB -> FAT32

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

No Windows updates detected !!!

¤¤¤¤¤¤¤¤¤¤ | Sessions

~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\Djamila
~ C:\Users\sarah.Djamila-PC
~ C:\Users\Invité

New restore point created : To restore the registry : C:\Pre_Scan\Save\Scan\ERDNT.exe
Standby deleted !

¤¤¤¤¤¤¤¤¤¤ | Browsers

IE : 10.0.9200.16750 (© Microsoft Corporation.)
GC : 32.0.1700.76 (Copyright 2012 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

FlashPlayer ActiveX : 11.8.800.168
FlashPlayer ActiveX : 12.0.0.38

¤¤¤¤¤¤¤¤¤¤ | Security

AV : Avira Desktop Disabled
AS : avast! Antivirus Disabled
FW : avast! Antivirus Enabled

¤¤¤¤¤¤¤¤¤¤ | Stopped processes

912 | C:\Windows\system32\nvvsvc.exe (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 188.17.) - (8.16.11.8817) -> C:\Windows\system32\nvvsvc.exe
1096 | C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe (.IDT, Inc. - IDT PC Audio.) - (1.0.6249.0) -> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\STacSV64.exe
1408 | C:\Windows\system32\Hpservice.exe (.Hewlett-Packard - HpService.) - (4.0.2.1) -> C:\Windows\system32\Hpservice.exe
1540 | C:\Windows\system32\WLANExt.exe (.Microsoft Corporation - Windows Wireless LAN 802.11 Extensibility Framework.) - (6.1.7600.16385) -> C:\Windows\system32\WLANExt.exe 28003888
1548 | C:\Windows\system32\conhost.exe (.Microsoft Corporation - Console Window Host.) - (6.1.7601.18229) -> \??\C:\Windows\system32\conhost.exe "1198708246-2414569781175816915-1084791184481483948-17854902691209742677-1742548603
1800 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe
1932 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.7.4.0) -> "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
1968 | C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) - (1.0.64.7) -> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_d15ed671de43d681\AESTSr64.exe
1384 | C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (.Microsoft Corporation - Windows Live Family Safety Service.) - (16.4.3508.205) -> "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe"
1860 | C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (.Hewlett-Packard Company - LightScribe Service.) - (1.18.8.1) -> "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
2116 | C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (.Protexis Inc. - PsiService PsiService.) - (2.0.1.124) -> "C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe"
2140 | C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (. - RichVideo Module.) - (2.0.0.3027) -> "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
2288 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4311.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
2580 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4311.0) -> WLIDSvcM.exe 2288
3264 | C:\Windows\system32\nvvsvc.exe (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 188.17.) - (8.16.11.8817) -> C:\Windows\system32\nvvsvc.exe -session -first
3600 | C:\Windows\system32\taskhost.exe (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.18010) -> "taskhost.exe"
3704 | C:\Windows\Explorer.EXE (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) -> C:\Windows\Explorer.EXE
3364 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) -> taskeng.exe {A49B70C1-AF35-476A-A6C9-F76BB37EEACE}
3552 | c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (.CyberLink - CyberLink MediaLibray Service.) - (4.3.3318.0) -> "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
1284 | C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (.Hewlett-Packard Company - HP Support Assistant Service.) - (7.2.45.3) -> "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
3864 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe"
3124 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding
3848 | C:\Windows\servicing\TrustedInstaller.exe (.Microsoft Corporation - Windows Modules Installer.) - (6.1.7601.17514) -> C:\Windows\servicing\TrustedInstaller.exe
4464 | C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) - (14.0.0.3) -> "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
4488 | C:\Program Files\IDT\WDM\sttray64.exe (.IDT, Inc. - IDT PC Audio.) - (1.0.6249.0) -> "C:\Program Files\IDT\WDM\sttray64.exe"
4508 | C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (. - SmartMenu.) - (3.1.0.1) -> "C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background
4536 | C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe (.Microsoft Corporation - Windows Live Family Safety Filter.) - (16.4.3508.205) -> "C:\Program Files (x86)\Windows Live\Family Safety\fsui.exe" -autorun
4548 | C:\Program Files\Windows Sidebar\sidebar.exe (.Microsoft Corporation - Windows Desktop Gadgets.) - (6.1.7601.17514) -> "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
4768 | C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe (. - .) - (1.0.1.0) -> "C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe"
4776 | C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) - (6.5.5.1) -> "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe" /Start
4792 | C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (.Hewlett-Packard - hpwuSchd Application.) - (80.1.0.0) -> "C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe"
4804 | C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (.Hewlett-Packard Company - HP Wireless Assistant Main Program.) - (3.5.11.2) -> "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
4924 | C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (.Easybits - Software update notification.) - (8.1.1.97) -> "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
4984 | C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (.Hewlett-Packard Company - HP Software Framework WMI Service.) - (6.1.16.1) -> "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
1232 | C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) - (6.5.2.1) -> "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"
2884 | C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (. - HpqToaster Module.) - (3.0.24.1) -> "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe" -Embedding
4760 | C:\Windows\system32\SearchProtocolHost.exe (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
1236 | C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (14.0.0.3) -> "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
4304 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.76) -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --flag-switches-begin --flag-switches-end
2964 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.76) -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4304.0.1392771440\850747571" --disable-image-transport-surface --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,13,23,28 --gpu-vendor-id=10de --gpu-device-id=0a2d --gpu-driver-vendor=NVIDIA --gpu-driver-version=8.16.11.8817 --ignored=" --type=renderer " /prefetch:822062411
5408 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.76) -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4304.8.234986509\1929178372" --ppapi-flash-args --lang=fr --ignored=" --type=renderer " /prefetch:-632637702
6004 | C:\Windows\SysWOW64\ctfmon.exe (.Microsoft Corporation - CTF Loader.) - (6.1.7600.16385) -> ctfmon.exe
6140 | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.5011) -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
5660 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Task Scheduler Engine.) - (6.1.7601.17514) -> taskeng.exe {3880727E-BB5F-43BE-9D0E-224194CCF7CE}

Boot : Normal

¤¤¤¤¤¤¤¤¤¤ | Running processes

[14/07/2009 00:36:49] - 572 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Windows Start-Up Application.) - (6.1.7600.16385) -> wininit.exe [96256 KB]
[14/07/2009 00:19:28] - 820 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch [20992 KB]
[14/07/2009 00:19:28] - 952 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS [20992 KB]
[14/07/2009 00:19:28] - 424 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 KB]
[14/07/2009 00:19:28] - 716 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [20992 KB]
[14/07/2009 00:19:28] - 596 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService [20992 KB]
[14/07/2009 00:19:28] - 1052 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs [20992 KB]
[14/07/2009 00:19:28] - 1456 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkService [20992 KB]
[20/01/2014 11:26:26] - 1532 | C:\Program Files\AVAST Software\Avast\AvastSvc.exe (.AVAST Software - avast! Service.) - (9.0.2011.263) -> "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [50344 KB]
[20/01/2014 11:25:54] - 1668 | C:\Program Files\AVAST Software\Avast\afwServ.exe (.AVAST Software - avast! firewall service.) - (9.0.2011.263) -> "C:\Program Files\AVAST Software\Avast\afwServ.exe" [113704 KB]
[14/07/2009 00:19:28] - 1840 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [20992 KB]
[14/07/2009 00:19:28] - 2016 | C:\Windows\SysWOW64\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\SysWOW64\svchost.exe -k netsvcs [20992 KB]
[14/07/2009 00:19:28] - 1168 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20992 KB]
[14/07/2009 00:19:28] - 2264 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k secsvcs [20992 KB]
[14/07/2009 00:19:28] - 3188 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [20992 KB]
[07/06/2011 10:28:52] - 3916 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\Windows\system32\wbem\wmiprvse.exe [257536 KB]
[14/07/2009 00:19:28] - 2488 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k SDRSVC [20992 KB]
[20/01/2014 11:26:26] - 4936 | C:\Program Files\AVAST Software\Avast\AvastUI.exe (.AVAST Software - avast! Antivirus.) - (9.0.2011.263) -> "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui [3764024 KB]
[21/01/2014 14:12:36] - 5284 | C:\Users\Djamila\Desktop\winlogon.exe (. - Pre_Scan.) - (4.1.21.1) -> "C:\Users\Djamila\Desktop\winlogon.exe w,e" [2698240 KB]
[07/06/2011 10:28:52] - 3060 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\Windows\system32\wbem\wmiprvse.exe [257536 KB]
[05/02/2013 21:57:06] - 5172 | C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe (.Microsoft Corporation - Windows Live Family Safety Service.) - (16.4.3508.205) -> "C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe" [1512448 KB]
[07/06/2011 10:28:11] - 4528 | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.5011) -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 KB]
[17/07/2012 14:14:44] - 5732 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4311.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [2292480 KB]
[17/07/2012 14:14:44] - 3968 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4311.0) -> WLIDSvcM.exe 5732 [223488 KB]
[07/06/2011 10:29:08] - 5644 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1525248 KB]
[29/06/2011 12:51:31] - 6080 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding [427520 KB]
[29/06/2011 12:51:31] - 4468 | C:\Windows\system32\SearchProtocolHost.exe (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" [164352 KB]
[04/11/2013 18:31:56] - 1416 | C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe (.Hewlett-Packard Company - HP Support Assistant Service.) - (7.2.45.3) -> "C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe" [92160 KB]
[07/06/2011 10:28:34] - 2888 | C:\Windows\servicing\TrustedInstaller.exe (.Microsoft Corporation - Windows Modules Installer.) - (6.1.7601.17514) -> C:\Windows\servicing\TrustedInstaller.exe [194048 KB]
[29/06/2011 12:51:30] - 5016 | C:\Windows\system32\SearchFilterHost.exe (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528 [86528 KB]

¤¤¤¤¤¤¤¤¤¤ | Winlogon User

OK !
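Each line of the process inventory above carries the PID, the image path, the publisher and description taken from the file's version information, the file version and the command line; the "running processes" lines add a timestamp and a size. The following is an added example, not part of Pre_Scan or of this log: a small Python parser for those two line formats plus the triage heuristic an analyst typically applies to such an inventory (no publisher in the version info, a core Windows binary name outside C:\Windows, an image under a user-writable path). The sample lines are constructed from entries on this page. Note that the Desktop winlogon.exe it flags is Pre_Scan itself (the description field of that entry says so), which is exactly why these flags are leads to check rather than verdicts.

```python
"""Parse the process inventory of a Pre_Scan log and flag entries worth a second look.

Added example, not Pre_Scan's own code: a parser for the two process-line
formats in the log above (stopped-process lines, and running-process lines
with timestamp and size) and a triage heuristic.  The sample log below is
constructed from entries on this page.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# "PID | path (.Publisher - Description.) - (version) -> command line"
STOPPED_RE = re.compile(
    r"^(?P<pid>\d+) \| (?P<path>.+?) \(\.(?P<publisher>.*?) - (?P<desc>.*?)\.\) "
    r"- \((?P<version>.*?)\) -> (?P<cmdline>.*)$"
)
# "[dd/mm/yyyy hh:mm:ss] - PID | path (.Publisher - Description.) - (version) -> command line [size Ko]"
RUNNING_RE = re.compile(
    r"^\[(?P<stamp>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\] - (?P<pid>\d+) \| (?P<path>.+?) "
    r"\(\.(?P<publisher>.*?) - (?P<desc>.*?)\.\) - \((?P<version>.*?)\) -> "
    r"(?P<cmdline>.*) \[(?P<size>\d+) (?:Ko|KB)\]$"
)

# Core Windows binaries that malware commonly imitates; one of these names
# outside the Windows directory is a classic masquerading indicator.
SYSTEM_NAMES = {"winlogon.exe", "svchost.exe", "csrss.exe", "lsass.exe",
                "explorer.exe", "services.exe", "wininit.exe", "conhost.exe"}
SYSTEM_DIR = "c:\\windows\\"
# Locations any standard user can write to.
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\")


@dataclass
class ProcessEntry:
    pid: int
    path: str
    publisher: str
    description: str
    version: str
    cmdline: str
    stamp: Optional[str] = None   # only on running-process lines
    size: Optional[int] = None    # only on running-process lines

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()


def parse_line(line: str) -> Optional[ProcessEntry]:
    """Return a ProcessEntry for a process line, or None for any other log line."""
    line = line.strip()
    m = RUNNING_RE.match(line) or STOPPED_RE.match(line)
    if not m:
        return None
    g = m.groupdict()
    return ProcessEntry(
        pid=int(g["pid"]),
        path=g["path"],
        publisher=g["publisher"].strip(),   # "(. - X.)" means no publisher
        description=g["desc"].strip(),
        version=g["version"],
        cmdline=g["cmdline"].strip(),
        stamp=g.get("stamp"),
        size=int(g["size"]) if g.get("size") else None,
    )


def triage(entry: ProcessEntry) -> List[str]:
    """Heuristic flags for an analyst; none of them is a verdict on its own."""
    flags = []
    low = entry.path.lower()
    if not entry.publisher:
        flags.append("no publisher in version info")
    if entry.name in SYSTEM_NAMES and not low.startswith(SYSTEM_DIR):
        flags.append("system binary name outside Windows directory")
    if low.startswith(USER_WRITABLE):
        flags.append("image in user-writable location")
    return flags


# Constructed sample: three running-process lines and one stopped-process line
# copied from the inventory on this page, plus a non-process line.
SAMPLE_LOG = r"""
[14/07/2009 00:19:28] - 1052 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Host Process for Windows Services.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs [20992 Ko]
[21/01/2014 14:12:36] - 5284 | C:\Users\Djamila\Desktop\winlogon.exe (. - Pre_Scan.) - (4.1.21.1) -> "C:\Users\Djamila\Desktop\winlogon.exe w,e" [2698240 Ko]
[20/01/2014 11:26:26] - 1532 | C:\Program Files\AVAST Software\Avast\AvastSvc.exe (.AVAST Software - avast! Service.) - (9.0.2011.263) -> "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [50344 Ko]
4924 | C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (.Easybits - Software update notification.) - (8.1.1.97) -> "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
Boot : Normal
"""


def scan(text: str) -> Tuple[List[ProcessEntry], Dict[int, List[str]]]:
    """Parse every process line in `text`; return (entries, {pid: flags}) for flagged PIDs."""
    entries = [e for e in (parse_line(ln) for ln in text.splitlines()) if e]
    findings = {}
    for e in entries:
        flags = triage(e)
        if flags:
            findings[e.pid] = flags
    return entries, findings


if __name__ == "__main__":
    entries, findings = scan(SAMPLE_LOG)
    for e in entries:
        verdict = "; ".join(findings.get(e.pid, [])) or "ok"
        print(f"{e.pid:>5} {e.name:<24} publisher={e.publisher or '<none>':<22} {verdict}")
```

Run it on a full log by reading the file and passing its contents to `scan()`; the stopped and running sections parse with the same call, so the two inventories can be diffed by PID and path. The size unit is accepted as either the French "Ko" the tool writes or "KB".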
¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine

Changed : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0
Changed : [HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0
Repaired : [HKLM | Winlogon]|[userinit] : C:\Windows\system32\userinit.exe, -> C:\Windows\SysWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ | Associations

Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe -> C:\Windows\Explorer.exe
¤

¤¤¤¤¤¤¤¤¤¤ | Registry

Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [HKLM64\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKLM64\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [HKLM64\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM64\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [HKLM64\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [HKLM64\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Repaired : [HKLM64\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Repaired : [HKU\S-1-5-21-4269272797-1195911858-739942901-1001\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 1 -> 0
Repaired : [HKU\S-1-5-21-4269272797-1195911858-739942901-1001\software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel]|[AllItemsIconView] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Taskmgr and Registry Access

¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair

Safeboot Keys are O.K
Alternate shell is OK !
¤ Safeboot Minimal Subkeys : O.K !
¤ Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ | IFEO

¤¤¤¤¤¤¤¤¤¤ | Mountpoints2

¤¤¤¤¤¤¤¤¤¤ | Windows

[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]|[] : @SYS:Software\Swearware\dump
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
Winsrv : OK !
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1

¤¤¤¤¤¤¤¤¤¤ | Security Center

¤¤¤¤¤¤¤¤¤¤ | Services Corrections

Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\wudfsvc] : 3 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Repaired : [HKU\S-1-5-21-4269272797-1195911858-739942901-1001\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.fr/ -> http://www.google.com/
Repaired : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> http://www.google.com/
Repaired : [HKU\S-1-5-21-4269272797-1195911858-739942901-1001\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Repaired : [HKLM64\Software\Microsoft\Internet Explorer\Search]|[SearchAssistant] : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> http://www.google.com/ie
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM64\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM64\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\System32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
¤
Repaired : [HKU\S-1-5-21-4269272797-1195911858-739942901-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Cleaned

¤¤¤¤¤¤¤¤¤¤ | reparsepoint

¤¤¤¤¤¤¤¤¤¤ | Offsets detection

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry

Removed : C:\$Recycle.bin\S-1-5-21-4269272797-1195911858-739942901-1001
Deleted : [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]|[Magic Desktop for HP notification] : "C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe"
Moved to quarantine successfully : C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
Deleted : [HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce]|[Malwarebytes Anti-Malware (cleanup)] : rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
Moved to quarantine successfully : C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll
Moved to quarantine successfully : C:\Users\Djamila\AppData\Roaming\wklnhst.dat
Moved to quarantine successfully : C:\ProgramData\Local Settings
Moved to quarantine successfully : C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Moved to quarantine successfully : C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
Moved to quarantine successfully : C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
Moved to quarantine successfully : C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
Moved to quarantine successfully : C:\ProgramData\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}.log
Moved to quarantine successfully : C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
Moved to quarantine successfully : C:\ProgramData\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}.log
Moved to quarantine successfully : C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
Moved to quarantine successfully : C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
Will be moved at reboot : C:\Users\Djamila\Modèles\SamsungKiesSetup.exe
Moved to quarantine successfully : C:\Users\Djamila\AppData\Roaming\Microsoft\Windows\Templates\SamsungKiesSetup.exe
Moved to quarantine successfully : C:\Windows\assembly\tmp\
Moved to quarantine successfully : C:\Users\Djamila\AppData\LocalLow\Sun\Java\Deployment\cache\

Prefetch -> Emptied

D:\ : Vaccinated (Vaccine created by Pre_Scan)
E:\ : Vaccinated (Vaccine created by Pre_Scan)
F:\ : Vaccinated (Vaccine created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive D:] : Hidden : 1851 | Restored : 1851
~ [Drive E:] : Hidden : 12 | Restored : 12
~ [Drive C:] : Hidden : 1 | Restored : 1
~ [Program Files] : Hidden : 4 | Restored : 3
~ [Users] : Hidden : 2 | Restored : 2
~ [Music] : Hidden : 3 | Restored : 3
~ [Documents] : Hidden : 4 | Restored : 4
~ [Desktop] : Hidden : 18 | Restored : 18
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 72 | Restored : 72
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [Libraries] : Hidden : 59 | Restored : 59

¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)

Disk: 0 Size=305G
Pos  MBRndx  Type/Name   Size  Active  Hide  Start Sector  Sectors
---  ------  ----------  ----  ------  ----  ------------  ------------
  0       0  07-NTFS     199M  Yes     No           2,048       407,552
  1       1  07-NTFS     288G  No      No         409,600   589,447,168
  2       2  07-NTFS      17G  No      No     589,856,768    35,072,000
  3       3  0C-FAT32X   103M  No      No     624,928,768       211,632

¤¤¤¤¤¤¤¤¤¤

[HKLM | Winlogon] | AutoRestartShell : 0 -> 1
[HKLM64 | Winlogon] | AutoRestartShell : 0 -> 1

End : 14:40:52
Standby Restored !

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 334