¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 4.02.24.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 18:47:19

Mis à jour le 24/02/2014 | 10.30 par g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_Script Infos : http://gen-hackman.purforum.com/t49-5-les-switchs-du-script
Pre_scan Feedbacks : http://gen-hackman.purforum.com/f10-pre_scan-feedbacks

[Freespirit (Administrator)] - [FREEAMELOVE]
SID = S-1-5-21-2968554027-131355321-3335405178-1001
Démarrage : Normal
Système : Windows 8 (64 bits) Core
ProcessorNameString : Intel(R) Core(TM) i5-3230M CPU @ 2.60GHz
Identifier : Intel64 Family 6 Model 58 Stepping 9
Mémoire RAM = Total (MB) : 4144 | Libre (MB) : 3252
Pagefile = Total (MB) : 4865 | Libre (MB) : 3737
Virtuelle = Total (MB) : 4194 | Libre (MB) : 3966

¤¤¤¤¤¤¤¤¤¤ | Composants de démarrage
C:\windows\Setup\Scripts\

¤¤¤¤¤¤¤¤¤¤¤ | Péripheriques
C:\-> [Fixed] | [win/logs] | Total : 200000 Mo | Libre : 39730 Mo -> NTFS
E:\-> [Fixed] | [divers] | Total : 271060 Mo | Libre : 75630 Mo -> NTFS
F:\-> [Fixed] | [studio] | Total : 469930 Mo | Libre : 237830 Mo -> NTFS

¤¤¤¤¤¤¤¤¤¤ | Mises à jour Windows
Aucune mise à jour détectée !!!

¤¤¤¤¤¤¤¤¤¤ | Sessions
C:\windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\Freespirit

Registre sauvegardé , pour restaurer : C:\Pre_Scan\Save\Scan\ERDNT.exe
Mise en veille supprimée !

¤¤¤¤¤¤¤¤¤¤ | Navigateurs
IE : 10.0.9200.16453 (© Microsoft Corporation.)

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer
FlashPlayer ActiveX : 11.3.377.15
FlashPlayer Plugin : 11.8.800.168

¤¤¤¤¤¤¤¤¤¤ | Security
AV : Avira Desktop Disabled
AS : Windows Defender Disabled
FW : WINDOWS Firewall

¤¤¤¤¤¤¤¤¤¤ | Processus stoppés
956 | C:\windows\system32\atiesrxx.exe (.AMD - AMD External Events Service Module.) - (6.14.11.1126) -> C:\windows\system32\atiesrxx.exe
1096 | C:\windows\system32\atieclxx.exe (.AMD - AMD External Events Client Module.) - (6.14.11.1126) -> atieclxx
1192 | C:\Program Files\Classic Shell\ClassicShellService.exe (.IvoSoft - Classic Shell Service.) - (3.6.8.0) -> "C:\Program Files\Classic Shell\ClassicShellService.exe"
1216 | C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.36) -> "C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe"
1236 | C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.116) -> "C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SRSPS
1384 | C:\windows\system32\WLANExt.exe (.Microsoft Corporation - Infrastructure d’extensibilité pour les services réseau Windows sans fil 802.11.) - (6.2.9200.16384) -> C:\windows\system32\WLANExt.exe 1091318096352
1424 | C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe (. - GFNEXSrv.) - (2.0.0.7) -> "C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe"
1696 | C:\windows\System32\spoolsv.exe (.Microsoft Corporation - Application sous-système spouleur.) - (6.2.9200.16384) -> C:\windows\System32\spoolsv.exe
1868 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.701.3.3014) -> "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
1996 | C:\windows\system32\dashost.exe (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.2.9200.16384) -> dashost.exe {46bddb4d-beee-482c-b454cc6e711dfe61}
1052 | C:\Program Files\Intel\iCLS Client\HeciServer.exe (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.24.388.1) -> "C:\Program Files\Intel\iCLS Client\HeciServer.exe"
1212 | C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (8.1.0.1252) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe"
1632 | C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe (.PACE Anti-Piracy, Inc. - PACE License Support Service.) - (1.0.1.8465) -> "C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe"
2244 | C:\Windows\system32\TODDSrv.exe (.TOSHIBA Corporation - TDCSrv Application.) - (1.0.0.7) -> C:\Windows\system32\TODDSrv.exe
2304 | C:\Program Files\TOSHIBA\Teco\TecoService.exe (.TOSHIBA Corporation - TOSHIBA eco Utility Service.) - (2.0.0.2) -> "C:\Program Files\TOSHIBA\Teco\TecoService.exe"
2348 | C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (.WIBU-SYSTEMS AG - CodeMeter Runtime Server.) - (4.30.485.503) -> "C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe"
2676 | C:\windows\system32\wbem\unsecapp.exe (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.2.9200.16384) -> C:\windows\system32\wbem\unsecapp.exe -Embedding
3012 | C:\windows\servicing\TrustedInstaller.exe (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (6.2.9200.16384) -> C:\windows\servicing\TrustedInstaller.exe
3008 | C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe (.Microsoft Corporation - Windows Modules Installer Worker.) - (6.2.9200.16384) -> C:\windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16384_none_622908ad510eb05b\TiWorker.exe -Embedding
3408 | C:\Program Files\Classic Shell\ClassicStartMenu.exe (.IvoSoft - Classic Start Menu.) - (3.6.8.0) -> "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -startup
3468 | C:\windows\system32\taskhostex.exe (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.2.9200.16451) -> taskhostex.exe
3476 | C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) - (16.3.4.0) -> "\Program Files\Synaptics\SynTP\SynTPEnh.exe"
3536 | C:\windows\Explorer.EXE (.Microsoft Corporation - Explorateur Windows.) - (6.2.9200.16433) -> C:\windows\Explorer.EXE
3676 | C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (16.3.4.0) -> "C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
3984 | C:\windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.9200.16433) -> C:\windows\system32\SearchIndexer.exe /Embedding
2320 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.824) -> "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
3032 | C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (. - TCrdMain Application.) - (2.0.7.64) -> "C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe"
3432 | C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (.TOSHIBA Corporation - .) - (1.0.0.2) -> "C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe"
3604 | C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) - (3.5.0.0) -> "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

¤¤¤¤¤¤¤¤¤¤ | Processus en cours
[17/02/2013 19:22:19] - 848 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) -> C:\windows\system32\svchost.exe -k DcomLaunch [23040 Ko]
[17/02/2013 19:22:19] - 908 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) -> C:\windows\system32\svchost.exe -k RPCSS [23040 Ko]
[17/02/2013 19:22:19] - 992 | C:\windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) -> C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [23040 Ko]
[17/02/2013 19:22:19] - 500 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) -> C:\windows\system32\svchost.exe -k netsvcs [23040 Ko]
[17/02/2013 19:22:19] - 648 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) -> C:\windows\system32\svchost.exe -k LocalService [23040 Ko]
[17/02/2013 19:22:19] - 460 | C:\windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) -> C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [23040 Ko]
[17/02/2013 19:22:19] - 1296 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) -> C:\windows\system32\svchost.exe -k NetworkService [23040 Ko]
[04/10/2013 20:41:36] - 1724 | C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - (14.0.2.180) -> "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [440376 Ko]
[17/02/2013 19:22:19] - 1744 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) -> C:\windows\system32\svchost.exe -k LocalServiceNoNetwork [23040 Ko]
[04/10/2013 20:41:36] - 1960 | C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) - (14.0.1.519) -> "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [440376 Ko]
[17/02/2013 19:22:19] - 2220 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) -> C:\windows\system32\svchost.exe -k imgsvc [23040 Ko]
[26/07/2012 03:46:07] - 2576 | C:\windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.2.9200.16384) -> C:\windows\system32\wbem\wmiprvse.exe [375808 Ko]
[04/10/2013 20:41:36] - 2840 | C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) - (14.0.2.180) -> "C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_000007a8 [601656 Ko]
[17/02/2013 19:22:19] - 1840 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) -> C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [23040 Ko]
[17/02/2013 19:22:19] - 2512 | C:\windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.2.9200.16420) -> C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [23040 Ko]
[31/10/2012 23:15:02] - 3032 | C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (. - TCrdMain Application.) - (2.0.7.64) -> "C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe" [2565544 Ko]
[04/10/2013 20:41:36] - 3868 | C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) - (14.0.2.254) -> "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [684600 Ko]
[28/02/2014 18:31:57] - 3504 | C:\Users\Freespirit\Desktop\winlogon.exe (. - Pre_Scan.) - (4.2.24.1) -> "C:\Users\Freespirit\Desktop\winlogon.exe w,e" [2918400 Ko]
[26/07/2012 03:46:07] - 3000 | C:\windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.2.9200.16384) -> C:\windows\system32\wbem\wmiprvse.exe [375808 Ko]
[20/04/2012 22:16:12] - 720 | C:\Program Files\Intel\iCLS Client\HeciServer.exe (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.24.388.1) -> "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [635104 Ko]
[16/04/2013 06:21:25] - 1584 | C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (.Intel Corporation - Intel(R) ME Service.) - (8.1.0.1256) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe" [129856 Ko]
[16/04/2013 06:20:13] - 3924 | C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (.Intel Corporation - Local Manageability Service.) - (8.1.0.1252) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" [277824 Ko]
[17/02/2013 19:39:20] - 3724 | C:\windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.9200.16433) -> C:\windows\system32\SearchIndexer.exe /Embedding [671232 Ko]
[16/04/2013 06:20:52] - 3972 | C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (.Intel Corporation - User Notification Service.) - (8.1.0.1252) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [365376 Ko]
[26/07/2012 03:45:34] - 3660 | \\?\C:\windows\system32\wbem\WMIADAP.EXE (.Microsoft Corporation - WMI Reverse Performance Adapter Maintenance Utility.) - (6.2.9200.16384) -> wmiadap.exe /F /T /R [124416 Ko]
[26/07/2012 06:26:44] - 3832 | C:\windows\servicing\TrustedInstaller.exe (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (6.2.9200.16384) -> C:\windows\servicing\TrustedInstaller.exe [94208 Ko]

¤¤¤¤¤¤¤¤¤¤ | Winlogon utilisateur : OK !

¤¤¤¤¤¤¤¤¤¤ | Winlogon machine
Modifié : [HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0
Réparé : [HKLM | Winlogon]|[userinit] : userinit.exe -> C:\windows\SysWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ | Associations
¤

¤¤¤¤¤¤¤¤¤¤ | Registre

¤¤¤¤¤¤¤¤¤¤ | Accès au registre et au gestionnaire des taches

¤¤¤¤¤¤¤¤¤¤ | SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !
¤
Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicDisplay.sys] : Driver
Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BasicRender.sys] : Driver
Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\dxgkrnl.sys] : Driver
Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\FsDepends.sys] : Driver
¤
Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\VirtualSmartcardReader] : Driver
Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicDisplay.sys] : Driver
Cannot repair ! [HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BasicRender.sys] : Driver

¤¤¤¤¤¤¤¤¤¤ | IFEO

¤¤¤¤¤¤¤¤¤¤ | Mountpoints2

¤¤¤¤¤¤¤¤¤¤ | Windows
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
Winsrv : OK !
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1
[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1

¤¤¤¤¤¤¤¤¤¤ | Centre de sécurité

¤¤¤¤¤¤¤¤¤¤ | Correction des services
Réparé : [PlugPlay] : 3 -> 2
Réparé : [agp440] : 0 -> 2
Réparé : [Bits] : 3 -> 2
Réparé : [EapHost] : 3 -> 2
Réparé : [SharedAccess] : 4 -> 2
Réparé : [windefend] : 3 -> 2
Réparé : [wudfsvc] : 3 -> 2
Réparé : [WerSvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer
Réglages navigateur utilisateurs : OK
Réglages navigateur machine : OK
¤
Détournement internet : OK

¤¤¤¤¤¤¤¤¤¤ | Hosts
C:\windows\System32\Drivers\etc\hosts : Nettoyé

¤¤¤¤¤¤¤¤¤¤ | reparsepoint

¤¤¤¤¤¤¤¤¤¤ | Détection des offsets

¤¤¤¤¤¤¤¤¤¤ | Fichiers | Dossiers | Registre
Supprimé : C:\$Recycle.bin\S-1-5-21-2968554027-131355321-3335405178-1001
Déplacé en quarantaine avec succès : C:\Users\Freespirit\AppData\LocalLow\Sun\Java\Deployment\cache\
Prefetch -> Nettoyé
E:\ : Vaccinated (Vaccin created by Pre_Scan)
F:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Windows] : Hidden : 6 | Restored : 3
~ [Libraries] : Hidden : 5 | Restored : 5

¤¤¤¤¤¤¤¤¤¤ | Contrôle des partitions
Disk: 0 Size=954G
Pos  MBRndx  Type/Name   Size   Active  Hide  Start Sector  Sectors
---  ------  ----------  ----   ------  ----  ------------  ------------
0    0       EE-UNKNWN   21.0T  No      No    1             294,967,295

¤¤¤¤¤¤¤¤¤¤
[HKLM64 | Winlogon] | AutoRestartShell : 0 -> 1

End : 18:54:05
Mise en veille restaurée

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤