¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 4.01.15.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 20:30:55
~ Update on 15/01/2014 | 12.50 by g3n-h@ckm@n
~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/
~ [LePerSpiCace (Administrator)] - [PLOFTW]
~ SID = S-1-5-21-425886798-844678244-2583144819-1000
~ System : Windows 7 Professional (32 bits) Professional Service Pack 1
~ TotalValidations : 8
~ ProcessorNameString : Intel(R) Core(TM)2 Duo CPU T9300 @ 2.50GHz
~ Identifier : x86 Family 6 Model 23 Stepping 6
~ Memory RAM = Total (MB) : 3145 | Free (MB) : 2067
~ Pagefile = Total (MB) : 6288 | Free (MB) : 4944
~ Virtual = Total (MB) : 2097 | Free (MB) : 1964
¤¤¤¤¤¤¤¤¤¤ | Boot's scripts
¤¤¤¤¤¤¤¤¤¤ | Drives
c:\-> [Fixed] | [] | Total : 238370 Mo | Free : 7140 Mo -> NTFS
¤¤¤¤¤¤¤¤¤¤ | Windows Updates
Last(s) détection(s) : 2014-01-20 18:21:22
Last(s) download(s) : 2014-01-17 16:36:14
Last(s) installation(s) : 2014-01-17 16:36:37
Next search : 2014-01-21 15:35:27
¤¤¤¤¤¤¤¤¤¤ | Sessions
~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\LePerSpiCace
~ C:\Users\postgres
~ C:\Users\UpdatusUser
New restorepoint created :
To restore the registry : C:\Pre_Scan\Save\Scan\ERDNT.exe
Standby deleted !
¤¤¤¤¤¤¤¤¤¤ | Browsers
IE : 11.0.9600.16428 (© Microsoft Corporation.)
¤¤¤¤¤¤¤¤¤¤ | FlashPlayer
FlashPlayer ActiveX : 11.9.900.170
FlashPlayer Plugin : 11.9.900.170
¤¤¤¤¤¤¤¤¤¤ | Security
AV : Avira Desktop Disabled
AS : Windows Defender Disabled
FW : WINDOWS Firewall
¤¤¤¤¤¤¤¤¤¤ | stopped Processes
880 | C:\Windows\system32\nvvsvc.exe (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 331.82.)
- (8.17.13.3182) -> "C:\Windows\system32\nvvsvc.exe"
904 | C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) - (7.17.13.3182) -> "C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
1580 | C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.3182) -> "C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
1588 | C:\Windows\system32\nvvsvc.exe (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 331.82.) - (8.17.13.3182) -> C:\Windows\system32\nvvsvc.exe -session -first
1712 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe
1884 | C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (.SUPERAntiSpyware.com - Core Service.) - (1.0.0.1070) -> "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE"
1920 | C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.701.3.3014) -> "C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe"
1988 | C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe"
292 | C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe (.NVIDIA Corporation - NVIDIA Network Service.) - (1.0.0.1) -> "C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe"
440 | C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (.NVIDIA Corporation - NVIDIA Streamer Service.) - (1.6.85.0) -> "C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe"
1160 | c:\postgreSQL\bin\pg_ctl.exe (.PostgreSQL Global Development Group - pg_ctl - starts/stops/restarts the PostgreSQL server.)
- (8.4.17.13091) -> c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w
1392 | C:\Windows\System32\StkCSrv.exe (.Syntek America Inc. - Syntek Hardware Snapshot Launch Application Services.) - (1.0.0.2) -> C:\Windows\System32\StkCSrv.exe
2224 | c:\postgreSQL\bin\postgres.exe (.PostgreSQL Global Development Group - PostgreSQL Server.) - (8.4.17.13091) -> c:/postgreSQL/bin/postgres.exe -D "c:/postgreSQL/data"
2232 | C:\Windows\system32\conhost.exe (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.1.7601.18229) -> \??\C:\Windows\system32\conhost.exe "2094752842-9642751415574655661275978364-41407991940866937-1483895405-305585053
2272 | C:\Windows\system32\rundll32.exe (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.1.7600.16385) -> "C:\Windows\system32\rundll32.exe" Shell32.dll,Control_RunDLL mmsys.cpl
2380 | c:\postgreSQL\bin\postgres.exe (.PostgreSQL Global Development Group - PostgreSQL Server.) - (8.4.17.13091) -> "c:/postgreSQL/bin/postgres.exe" "--forkboot" "816" "-x3"
2388 | c:\postgreSQL\bin\postgres.exe (.PostgreSQL Global Development Group - PostgreSQL Server.) - (8.4.17.13091) -> "c:/postgreSQL/bin/postgres.exe" "--forkboot" "800" "-x4"
2396 | c:\postgreSQL\bin\postgres.exe (.PostgreSQL Global Development Group - PostgreSQL Server.) - (8.4.17.13091) -> "c:/postgreSQL/bin/postgres.exe" "--forkavlauncher" "816"
2404 | c:\postgreSQL\bin\postgres.exe (.PostgreSQL Global Development Group - PostgreSQL Server.) - (8.4.17.13091) -> "c:/postgreSQL/bin/postgres.exe" "--forkcol" "800"
2592 | C:\Windows\system32\taskhost.exe (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) -> "taskhost.exe"
2656 | C:\Windows\Explorer.EXE (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17567) -> C:\Windows\Explorer.EXE
2900 | C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (.Realtek Semiconductor - Gestionnaire audio HD Realtek.)
- (1.0.0.756) -> "C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe" -s
2908 | C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (.Intel Corporation - IAStorIcon.) - (10.1.0.1008) -> "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
2936 | C:\Program Files\Common Files\Java\Java Update\jusched.exe (.Oracle Corporation - Java(TM) Update Scheduler.) - (2.1.9.8) -> "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
3172 | C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (.NVIDIA Corporation - NVIDIA NvTmru Application.) - (9.3.21.0) -> "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"
3248 | C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.3182) -> "C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
3364 | C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe (.NVIDIA Corporation - NVIDIA GeForce Experience Backend.) - (10.11.15.0) -> "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
3836 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding
2804 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe"
3200 | C:\Program Files\Logitech Gaming Software\LCore.exe (.Logitech Inc. - Logitech Gaming Framework.) - (8.50.281.0) -> "C:\Program Files\Logitech Gaming Software\LCore.exe" /minimized
1984 | C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe (.Adobe Systems Inc. - AcroTray.) - (10.1.9.22) -> "C:\Program Files\Adobe\Acrobat 10.0\Acrobat\acrotray.exe"
3904 | C:\Program Files\Garmin\ANT Agent\ANT Agent.exe (.GARMIN Corp. - Garmin ANT Agent Application.)
- (2.3.4.0) -> "C:\Program Files\Garmin\ANT Agent\ANT Agent.exe"
4664 | C:\Program Files\Internet Explorer\iexplore.exe (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.16428) -> "C:\Program Files\Internet Explorer\iexplore.exe" http://www.forum-entraide-informatique.com/t12164-lenteur-au-demarrage
4908 | C:\Program Files\Internet Explorer\iexplore.exe (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.16428) -> "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4664 CREDAT:267521 /prefetch:2
5608 | C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (.Intel Corporation - IAStorDataSvc.) - (10.1.0.1008) -> "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
5972 | C:\Program Files\Internet Explorer\iexplore.exe (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.16428) -> "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4664 CREDAT:4068668 /prefetch:2
3536 | C:\Windows\servicing\TrustedInstaller.exe (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (6.1.7601.17514) -> C:\Windows\servicing\TrustedInstaller.exe
5056 | C:\Program Files\Internet Explorer\iexplore.exe (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.16428) -> "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4664 CREDAT:4134185 /prefetch:2
3244 | C:\Program Files\Internet Explorer\iexplore.exe (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.16428) -> "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4664 CREDAT:1512727 /prefetch:2
4024 | C:\Program Files\Internet Explorer\iexplore.exe (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.16428) -> "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4664 CREDAT:2495775 /prefetch:2
Boot : Normal
¤¤¤¤¤¤¤¤¤¤ | Running processes
[10/04/2013 21:24:58] - 312 | C:\Windows\System32\smss.exe (.Microsoft Corporation - Gestionnaire de sessions Windows.)
- (6.1.7601.18113) -> \SystemRoot\System32\smss.exe [69632 Ko]
[14/07/2009 00:11:09] - 488 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [6144 Ko]
[14/07/2009 00:36:49] - 556 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) -> wininit.exe [96256 Ko]
[14/07/2009 00:11:09] - 568 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [6144 Ko]
[14/07/2009 00:11:26] - 612 | C:\Windows\system32\services.exe (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7600.16385) -> C:\Windows\system32\services.exe [259072 Ko]
[13/11/2013 19:10:40] - 628 | C:\Windows\system32\lsass.exe (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.18270) -> C:\Windows\system32\lsass.exe [22016 Ko]
[25/03/2012 22:07:39] - 636 | C:\Windows\system32\lsm.exe (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) -> C:\Windows\system32\lsm.exe [267776 Ko]
[25/03/2012 22:07:40] - 700 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Application d’ouverture de session Windows.)
- (6.1.7601.17514) -> winlogon.exe [286720 Ko]
[14/07/2009 00:19:28] - 808 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch [20992 Ko]
[14/07/2009 00:19:28] - 936 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS [20992 Ko]
[14/07/2009 00:19:28] - 1012 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 Ko]
[14/07/2009 00:19:28] - 1104 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [20992 Ko]
[14/07/2009 00:19:28] - 1164 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService [20992 Ko]
[14/07/2009 00:19:28] - 1196 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs [20992 Ko]
[14/07/2009 00:19:28] - 1428 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkService [20992 Ko]
[21/11/2012 23:21:28] - 1744 | C:\Program Files\Avira\AntiVir Desktop\sched.exe (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - (14.0.2.180) -> "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [440376 Ko]
[14/07/2009 00:19:28] - 1792 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.)
- (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [20992 Ko]
[21/11/2012 23:21:28] - 1944 | C:\Program Files\Avira\AntiVir Desktop\avguard.exe (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - (14.0.1.519) -> "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [440376 Ko]
[14/07/2009 00:19:28] - 1268 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k imgsvc [20992 Ko]
[14/07/2009 00:24:23] - 2576 | C:\Windows\system32\Dwm.exe (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) -> "C:\Windows\system32\Dwm.exe" [92672 Ko]
[21/11/2012 23:21:28] - 2928 | C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) - (14.0.2.254) -> "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [684600 Ko]
[21/11/2012 23:21:28] - 3676 | C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) - (14.0.2.180) -> "C:\Program Files\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00000798 [431672 Ko]
[14/07/2009 00:19:28] - 4028 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [20992 Ko]
[14/07/2009 00:19:28] - 3624 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20992 Ko]
[14/07/2009 00:19:28] - 5668 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k WindowsMobile [20992 Ko]
[14/07/2009 00:43:52] - 252 | C:\Windows\system32\DllHost.exe (.Microsoft Corporation - COM Surrogate.)
- (6.1.7600.16385) -> C:\Windows\system32\DllHost.exe /Processid:{A4B07E49-6567-4FB8-8D39-01920E3B2357} [7168 Ko]
[25/03/2012 22:07:39] - 4328 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\Windows\system32\wbem\wmiprvse.exe [257536 Ko]
[20/01/2014 20:24:34] - 4284 | C:\Users\LePerSpiCace\Desktop\Pre_Scan.exe (. - Pre_Scan.) - (4.1.15.1) -> "C:\Users\LePerSpiCace\Desktop\Pre_Scan.exe" [2697728 Ko]
[14/07/2009 00:43:52] - 4828 | C:\Windows\system32\DllHost.exe (.Microsoft Corporation - COM Surrogate.) - (6.1.7600.16385) -> C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683} [7168 Ko]
[10/10/2013 23:54:44] - 5152 | C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (.SUPERAntiSpyware.com - Core Service.) - (1.0.0.1070) -> "C:\Program Files\SUPERAntiSpyware\SASCORE.EXE" [120088 Ko]
[25/03/2012 19:32:23] - 3320 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding [427520 Ko]
[25/03/2012 22:07:42] - 3980 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1121792 Ko]
[22/08/2012 10:42:55] - 8672 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe [317440 Ko]
[25/03/2012 22:07:16] - 14856 | C:\Windows\servicing\TrustedInstaller.exe (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (6.1.7601.17514) -> C:\Windows\servicing\TrustedInstaller.exe [204800 Ko]
¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !
¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine : OK !
Changed : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0
¤¤¤¤¤¤¤¤¤¤ | Associations
Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe -> C:\Windows\Explorer.exe
¤ Repaired : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"
¤¤¤¤¤¤¤¤¤¤ | Registry
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [HKU\S-1-5-21-425886798-844678244-2583144819-1000\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 1 -> 0
Repaired : [HKU\S-1-5-21-425886798-844678244-2583144819-1000\software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel]|[AllItemsIconView] : 0 -> 1
¤¤¤¤¤¤¤¤¤¤ | Taskmgr and Registry Access
¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair
Safeboot Keys are O.K
Alternate shell is OK !
¤ Safeboot Minimal Subkeys : O.K !
¤ Safeboot Network Subkeys : O.K !
¤¤¤¤¤¤¤¤¤¤ | IFEO
¤¤¤¤¤¤¤¤¤¤ | Mountpoints2
¤¤¤¤¤¤¤¤¤¤ | Windows
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
Winsrv : OK !
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1
¤¤¤¤¤¤¤¤¤¤ | Security Center
¤¤¤¤¤¤¤¤¤¤ | Services Corrections
Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\SharedAccess] : 4 -> 2
Repaired : [HKLM | Services\windefend] : 3 -> 2
Repaired : [HKLM | Services\wudfsvc] : 3 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2
¤¤¤¤¤¤¤¤¤¤ | Internet Explorer
Repaired : [HKU\S-1-5-21-425886798-844678244-2583144819-1000\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.fr/ -> http://www.google.com/
Repaired : [HKU\S-1-5-21-425886798-844678244-2583144819-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : about:blank -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Search_URL] : http://www.google.com -> http://go.microsoft.com/fwlink/?LinkId=54896
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : about:blank -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://www.google.com -> http://go.microsoft.com/fwlink/?LinkId=54896
¤ Repaired : [HKU\S-1-5-21-425886798-844678244-2583144819-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1
¤¤¤¤¤¤¤¤¤¤ | Hosts
C:\Windows\System32\Drivers\etc\hosts : Cleaned
¤¤¤¤¤¤¤¤¤¤ | reparsepoint
¤¤¤¤¤¤¤¤¤¤ | Offsets detection
¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry
Removed : C:\$Recycle.bin\S-1-5-21-425886798-844678244-2583144819-1000
Moved to quarantine successfully : C:\Users\LePerSpiCace\AppData\Local\fusioncache.dat
Moved to quarantine successfully : C:\Users\LePerSpiCace\Desktop\data
Moved to quarantine successfully : C:\Users\LePerSpiCace\AppData\Local\microsoft\windows\WebCacheLock.dat
Moved to quarantine successfully : C:\Windows\assembly\tmp\
Prefetch -> Emptied
¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive C:] : Hidden : 1 | Restored : 1
~ [Program Files] : Hidden : 4 | Restored : 4
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 3 | Restored : 3
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 91 | Restored : 91
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [Libraries] : Hidden : 59 | Restored : 59
¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)
Disk: 0 Size=238G
Pos MBRndx Type/Name  Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0   0      07-NTFS    100M Yes    No   2,048        204,800
1   1      07-NTFS    238G No     No   206,848      488,187,904
¤¤¤¤¤¤¤¤¤¤ [HKLM | Winlogon] | AutoRestartShell : 0 -> 1
End : 20:41:06
Standby Restored !
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 297