¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 4.02.12.3 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 18:10:20

Mis à jour le 12/02/2014 | 21.50 par g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_Script Infos : http://gen-hackman.purforum.com/t49-5-les-switchs-du-script
Pre_scan Feedbacks : http://gen-hackman.purforum.com/f10-pre_scan-feedbacks

[jerome (Administrator)] - [PC-DE-JEROME]
SID = S-1-5-21-2761906370-3171597575-3167059314-1000
Démarrage : Normal
Système : Windows Vista (TM) Home Premium (32 bits) HomePremium Service Pack 2
ProcessorNameString : Intel(R) Pentium(R) Dual CPU T3200 @ 2.00GHz
Identifier : x86 Family 6 Model 15 Stepping 13
Mémoire RAM = Total (MB) : 3072 | Libre (MB) : 1569
Pagefile = Total (MB) : 6376 | Libre (MB) : 5027
Virtuelle = Total (MB) : 2097 | Libre (MB) : 1971

¤¤¤¤¤¤¤¤¤¤ | Composants de démarrage

¤¤¤¤¤¤¤¤¤¤¤ | Péripheriques

C:\-> [Fixed] | [ACER] | Total : 71320 Mo | Libre : 9040 Mo -> NTFS
D:\-> [Fixed] | [DATA] | Total : 71310 Mo | Libre : 60050 Mo -> NTFS

¤¤¤¤¤¤¤¤¤¤ | Mises à jour Windows

Dernière(s) détection(s) : 2014-02-15 14:37:46
Dernières Téléchargées : 2014-02-12 16:48:12
Dernières installées : 2014-02-12 23:20:21
Prochaine recherche : 2014-02-16 10:04:47

¤¤¤¤¤¤¤¤¤¤ | Sessions

C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\jerome

Registre sauvegardé , pour restaurer : C:\Pre_Scan\Save\Scan\ERDNT.exe
Mise en veille supprimée !

¤¤¤¤¤¤¤¤¤¤ | Navigateurs

IE : 9.0.8112.16533 (© Microsoft Corporation.)
GC : 32.0.1700.107 (Copyright 2012 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ | FlashPlayer

FlashPlayer ActiveX : 12.0.0.44

¤¤¤¤¤¤¤¤¤¤ | Security

AV : AVG AntiVirus Free Edition 2014 Enabled
AS : AVG AntiVirus Free Edition 2014 Enabled
FW : WINDOWS Firewall

¤¤¤¤¤¤¤¤¤¤ | Processus stoppés

1496 | C:\Windows\system32\SLsvc.exe (.Microsoft Corporation - Service de gestion des licences Microsoft.) - (6.0.6002.18005) -> C:\Windows\system32\SLsvc.exe
1924 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Application sous-système spouleur.) - (6.0.6002.18294) -> C:\Windows\System32\spoolsv.exe
644 | C:\Windows\Explorer.EXE (.Microsoft Corporation - Explorateur Windows.) - (6.0.6002.18005) -> C:\Windows\Explorer.EXE
1488 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.0.6002.18342) -> taskeng.exe {51E8B871-AB54-4769-AC2B-6F2A793B8AAD}
1764 | C:\Windows\system32\agrsmsvc.exe (.Agere Systems - Agere Soft Modem Call Progress Service.) - (1.0.0.8) -> C:\Windows\system32\agrsmsvc.exe
192 | C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (.Apple Inc. - MobileDeviceService.) - (17.96.0.8) -> "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
2160 | C:\Program Files\Bonjour\mDNSResponder.exe (.Apple Inc. - Bonjour Service.) - (3.0.0.10) -> "C:\Program Files\Bonjour\mDNSResponder.exe"
2220 | C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe (.NewTech Infosystems, Inc. - NTI Backup Now 5 Agent service..) - (5.1.2.1) -> "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe"
2268 | C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe (. - CLHNService Module.) - (1.0.0.1) -> "C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe"
2308 | C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (.Egis Incorporated - Acer eDataSecurity Management Service.) - (3.0.92.4) -> "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe"
2432 | C:\Program Files\Acer\Empowering Technology\Service\ETService.exe (. - Acer Empowering Technology Framework Service.) - (3.0.3006.0) -> "C:\Program Files\Acer\Empowering Technology\Service\ETService.exe"
2544 | C:\Program Files\Common Files\LightScribe\LSSrvc.exe (.Hewlett-Packard Company - .) - (1.4.142.1) -> "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
2620 | C:\Acer\Mobility Center\MobilityService.exe (. - app.) - (3.0.3000.0) -> "C:\Acer\Mobility Center\MobilityService.exe" -p
2860 | C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (.NewTech InfoSystems, Inc. - NTI Backup Now 5 BackupSvc Application.) - (5.1.0.3) -> "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe"
2952 | C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (. - .) - (0.0.0.0) -> "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe"
3016 | C:\Program Files\Cyberlink\Shared files\RichVideo.exe (. - RichVideo Module.) - (2.0.0.1120) -> "C:\Program Files\Cyberlink\Shared files\RichVideo.exe"
3056 | C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (.Microsoft Corporation - Microsoft SeaPort Search Enhancement Broker.) - (3.0.133.0) -> "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
3124 | C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe (.AVG Secure Search - ToolbarU Application (Official).) - (17.3.0.49) -> "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\ToolbarUpdater.exe"
3204 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
3240 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.6002.18005) -> C:\Windows\system32\SearchIndexer.exe /Embedding
3272 | C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe (. - loggings Application.) - (17.2.0.0) -> "C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\17.3.0\loggingserver.exe" 72648 "C:\ProgramData\AVG Secure Search\Logger\logger.properties"
3312 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) -> WLIDSvcM.exe 3204
3520 | C:\Windows\system32\wbem\unsecapp.exe (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.0.6002.18005) -> C:\Windows\system32\wbem\unsecapp.exe -Embedding
3932 | C:\Windows\system32\igfxsrvc.exe (.Intel Corporation - igfxsrvc Module.) - (8.15.10.2202) -> C:\Windows\system32\igfxsrvc.exe -Embedding
3984 | C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (.Synaptics, Inc. - Synaptics TouchPad Enhancements.) - (11.1.4.0) -> "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
3992 | C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe (. - NTI Backup Now 5 Tray Module.) - (5.1.0.3) -> "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
4000 | C:\Windows\RtHDVCpl.exe (.Realtek Semiconductor - HD Audio Control Panel.) - (1.0.0.198) -> "C:\Windows\RtHDVCpl.exe"
4016 | C:\Windows\PLFSetI.exe (. - DefaultSettingEXE MFC Application.) - (1.0.1.0) -> "C:\Windows\PLFSetI.exe"
528 | C:\Program Files\Launch Manager\LManager.exe (.Dritek System Inc. - Acer Launch Manager Keyboard Application.) - (1.5.6.8) -> "C:\Program Files\Launch Manager\LManager.exe"
3116 | C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (.Egis Incorporated - Acer eDataSecurity Management Loader.) - (3.0.339.0) -> "C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe"
1208 | C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (.Acer Inc. - Acer ePower Management - DMC.) - (3.0.3012.0) -> "C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe"
776 | C:\Windows\System32\igfxtray.exe (.Intel Corporation - igfxTray Module.) - (8.15.10.2202) -> "C:\Windows\System32\igfxtray.exe"
1252 | C:\Windows\System32\hkcmd.exe (.Intel Corporation - hkcmd Module.) - (8.15.10.2202) -> "C:\Windows\System32\hkcmd.exe"
3836 | C:\Windows\System32\igfxpers.exe (.Intel Corporation - persistence Module.) - (8.15.10.2202) -> "C:\Windows\System32\igfxpers.exe"
1104 | C:\Program Files\AVG Secure Search\vprot.exe (. - VProtect Application (Non Official).) - (17.0.0.0) -> "C:\Program Files\AVG Secure Search\vprot.exe"
3876 | C:\Windows\ehome\ehtray.exe (.Microsoft Corporation - Media Center Tray Applet.) - (6.0.6001.18000) -> "C:\Windows\ehome\ehtray.exe"
3576 | C:\Program Files\Craft ROBO Controller\CRSSupervisor.exe (.Graphtec Corporation - Craft ROBO Status Supervisor.) - (1.0.3.0) -> "C:\Program Files\Craft ROBO Controller\CRSSupervisor.exe"
4036 | C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) - (12.0.6500.5000) -> "C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE" /tsr
2932 | C:\Windows\system32\igfxext.exe (.Intel Corporation - igfxext Module.) - (8.15.10.2202) -> C:\Windows\system32\igfxext.exe -Embedding
4012 | C:\Windows\system32\igfxsrvc.exe (.Intel Corporation - igfxsrvc Module.) - (8.15.10.2202) -> C:\Windows\system32\igfxsrvc.exe -Embedding
3460 | C:\Users\jerome\AppData\Local\Temp\RtkBtMnt.exe (.Realtek Semiconductor Corp. - Realtek HD Audio Data Rerouter.) - (1.0.0.10) -> C:\Users\jerome\AppData\Local\Temp\RtkBtMnt.exe
3136 | C:\Windows\ehome\ehmsas.exe (.Microsoft Corporation - Media Center Media Status Aggregator Service.) - (6.0.6001.18000) -> C:\Windows\ehome\ehmsas.exe -Embedding
3304 | C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (.Synaptics, Inc. - Synaptics Pointing Device Helper.) - (11.1.4.0) -> "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
1188 | C:\Windows\system32\wbem\unsecapp.exe (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.0.6002.18005) -> C:\Windows\system32\wbem\unsecapp.exe -Embedding
6140 | C:\Program Files\DealPlyLive\Update\DealPlyLive.exe (.DealPly Technologies Ltd - DealPlyLive Update.) - (1.3.23.0) -> "C:\Program Files\DealPlyLive\Update\DealPlyLive.exe" /c
3808 | C:\Windows\system32\conime.exe (.Microsoft Corporation - Console IME.) - (6.0.6002.18005) -> C:\Windows\system32\conime.exe
7368 | C:\Program Files\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.107) -> "C:\Program Files\Google\Chrome\Application\chrome.exe"
7360 | C:\Program Files\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.107) -> "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=fr --force-fieldtrials="AutocompleteDynamicTrial_2/EnableZeroSuggest_R4_Stable_MostVisitedControl/BrowserPreReadExperiment/100-pct-default/ChromeSuggestions/Most Likely with Kodachrome/DeferBackgroundExtensionCreation/RateLimited/EmbeddedSearch/Group6 pct:10f stable:pp1 use_cacheable_ntp:1 espv:210 suppress_on_srp:1/ManagedModeLaunch/Active/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Population-Restrict/normal/UMA-Session-Randomized-Uniformity-Trial-5-Percent/default/UMA-Uniformity-Trial-1-Percent/group_68/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_01/UMA-Uniformity-Trial-5-Percent/group_18/UMA-Uniformity-Trial-50-Percent/default/" --enable-threaded-compositing --enable-delegated-renderer --enable-deadline-scheduling --renderer-print-preview --disable-html-notifications --disable-accelerated-2d-canvas --enable-software-compositing --disable-gpu-compositing --disable-pepper-3d --channel="7368.1.1537843288\674016315" /prefetch:673131151
5856 | C:\Program Files\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (32.0.1700.107) -> "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="7368.2.1850011967\1162189032" --ppapi-flash-args --lang=fr --ignored=" --type=renderer " /prefetch:-632637702
6544 | C:\Windows\system32\SearchProtocolHost.exe (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.6002.18005) -> "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe19_ Global\UsGthrCtrlFltPipeMssGthrPipe19 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
5588 | C:\Windows\system32\SearchFilterHost.exe (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.6002.18005) -> "C:\Windows\system32\SearchFilterHost.exe" 0 660 664 672 65536 668
4704 | C:\Windows\system32\consent.exe (.Microsoft Corporation - Interface utilisateur de consentement pour des applications administratives.) - (6.0.6002.18328) -> consent.exe 1380 286 131484F8

¤¤¤¤¤¤¤¤¤¤ | Processus en cours

[10/04/2013 16:08:08] - 508 | C:\Windows\System32\smss.exe (.Microsoft Corporation - Windows Session Manager.) - (6.0.6002.18805) -> \SystemRoot\System32\smss.exe [64000 Ko]
[13/11/2013 22:03:10] - 544 | C:\PROGRA~1\AVG\AVG2014\avgrsx.exe (.AVG Technologies CZ, s.r.o. - AVG Resident Shield Service.) - (14.0.0.4301) -> C:\PROGRA~1\AVG\AVG2014\avgrsx.exe /boot [729616 Ko]
[25/11/2013 22:03:56] - 580 | C:\Program Files\AVG\AVG2014\avgcsrvx.exe (.AVG Technologies CZ, s.r.o. - AVG Scanning Core Module - Server Part.) - (14.0.0.4302) -> C:\Program Files\AVG\AVG2014\avgcsrvx.exe /pipeName=3ab7d453-01d8-472c-9baf-7078b9d80b67 /coreSdkOptions=8478 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\44632537-280d-4b35-9ee4-d34308320c7a-220-oopp.tmp" /loggerName=AVG.RS.Core /binaryPath="C:\Program Files\AVG\AVG2014\" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\" [591888 Ko]
[21/01/2008 03:24:54] - 796 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d'exécuttion client-serveur.) - (6.0.6001.18000) -> C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 [6144 Ko]
[21/01/2008 03:23:42] - 840 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Application de démarrage de Windows.) - (6.0.6001.18000) -> wininit.exe [96768 Ko]
[21/01/2008 03:24:54] - 852 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d'exécuttion client-serveur.) - (6.0.6001.18000) -> C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16 [6144 Ko]
[24/09/2009 18:18:08] - 892 | C:\Windows\system32\services.exe (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.0.6002.18005) -> C:\Windows\system32\services.exe [279552 Ko]
[24/09/2009 18:17:52] - 916 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Application d'ouverture de session Windows.) - (6.0.6002.18005) -> winlogon.exe [314368 Ko]
[31/01/2012 19:03:42] - 944 | C:\Windows\system32\lsass.exe (.Microsoft Corporation - Processus de l’autorité de sécurité locale.) - (6.0.6002.18541) -> C:\Windows\system32\lsass.exe [9728 Ko]
[21/01/2008 03:23:44] - 956 | C:\Windows\system32\lsm.exe (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.0.6001.18000) -> C:\Windows\system32\lsm.exe [229888 Ko]
[21/01/2008 03:23:43] - 1096 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k DcomLaunch [21504 Ko]
[21/01/2008 03:23:43] - 1156 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k rpcss [21504 Ko]
[21/01/2008 03:23:43] - 1304 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [21504 Ko]
[21/01/2008 03:23:43] - 1368 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [21504 Ko]
[21/01/2008 03:23:43] - 1380 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k netsvcs [21504 Ko]
[21/01/2008 03:23:43] - 1480 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k GPSvcGroup [21504 Ko]
[21/01/2008 03:23:43] - 1528 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k LocalService [21504 Ko]
[21/01/2008 03:23:43] - 1724 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k NetworkService [21504 Ko]
[21/01/2008 03:23:43] - 1996 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [21504 Ko]
[24/09/2009 18:17:48] - 520 | C:\Windows\system32\Dwm.exe (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.0.6002.18005) -> "C:\Windows\system32\Dwm.exe" [81920 Ko]
[22/01/2014 12:19:38] - 2076 | C:\Program Files\AVG\AVG2014\avgidsagent.exe (.AVG Technologies CZ, s.r.o. - AVG Identity Protection Service.) - (14.0.0.4330) -> "C:\Program Files\AVG\AVG2014\avgidsagent.exe" [3788816 Ko]
[24/09/2013 01:33:08] - 2128 | C:\Program Files\AVG\AVG2014\avgwdsvc.exe (.AVG Technologies CZ, s.r.o. - AVG Watchdog Service.) - (14.0.0.4204) -> "C:\Program Files\AVG\AVG2014\avgwdsvc.exe" [348008 Ko]
[21/01/2008 03:23:43] - 2176 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k bthsvcs [21504 Ko]
[25/11/2013 22:00:24] - 2664 | C:\Program Files\AVG\AVG2014\avgnsx.exe (.AVG Technologies CZ, s.r.o. - AVG Online Shield Service.) - (14.0.0.4302) -> "C:\Program Files\AVG\AVG2014\avgnsx.exe" [892944 Ko]
[05/12/2013 12:48:12] - 2672 | C:\Program Files\AVG\AVG2014\avgemcx.exe (.AVG Technologies CZ, s.r.o. - AVG E-mail Scanner.) - (14.0.0.4307) -> "C:\Program Files\AVG\AVG2014\avgemcx.exe" [680976 Ko]
[21/01/2008 03:23:43] - 2988 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [21504 Ko]
[21/01/2008 03:23:43] - 3092 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k imgsvc [21504 Ko]
[21/01/2008 03:23:43] - 3172 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\System32\svchost.exe -k WerSvcGroup [21504 Ko]
[24/09/2009 18:18:21] - 3584 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.0.6002.18005) -> C:\Windows\system32\wbem\wmiprvse.exe [247296 Ko]
[22/01/2014 12:17:36] - 3640 | C:\Program Files\AVG\AVG2014\avgui.exe (.AVG Technologies CZ, s.r.o. - AVG User Interface.) - (14.0.0.4330) -> "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY [4962320 Ko]
[21/01/2008 03:23:43] - 4196 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.0.6001.18000) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21504 Ko]
[25/11/2013 22:03:56] - 4476 | C:\Program Files\AVG\AVG2014\avgcsrvx.exe (.AVG Technologies CZ, s.r.o. - AVG Scanning Core Module - Server Part.) - (14.0.0.4302) -> C:\Program Files\AVG\AVG2014\avgcsrvx.exe /pipeName=291b8e28-c98e-467a-82ab-222de9a67137 /coreSdkOptions=8210 /logConfFile="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\9238670e-92d2-492e-9c2e-bd343baf9b4a-a68-oopp.tmp" /loggerName=AVG.NS.Core /binaryPath="C:\Program Files\AVG\AVG2014\" /tempPath="C:\Windows\system32\config\systemprofile\AppData\Local\Avg2014\temp\" [591888 Ko]
[15/02/2014 17:50:11] - 7548 | C:\Users\jerome\Downloads\Pre_Scan.exe (. - Pre_Scan.) - (4.2.12.3) -> "C:\Users\jerome\Downloads\Pre_Scan.exe" [2919936 Ko]
[24/09/2009 18:18:21] - 6416 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.0.6002.18005) -> C:\Windows\system32\wbem\wmiprvse.exe [247296 Ko]
[28/03/2011 19:31:14] - 2356 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [1713536 Ko]
[28/03/2011 19:31:16] - 748 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) -> WLIDSvcM.exe 2356 [193920 Ko]
[24/09/2009 18:19:15] - 1864 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.6002.18005) -> C:\Windows\system32\SearchIndexer.exe /Embedding [441344 Ko]
[15/09/2010 21:16:56] - 8000 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Application sous-système spouleur.) - (6.0.6002.18294) -> C:\Windows\System32\spoolsv.exe [128000 Ko]
[11/08/2012 15:43:06] - 3108 | C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (.Apple Inc. - MobileDeviceService.) - (17.96.0.8) -> "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [55184 Ko]
[08/05/2008 07:30:44] - 6100 | C:\Program Files\Acer\Empowering Technology\Service\ETService.exe (. - Acer Empowering Technology Framework Service.) - (3.0.3006.0) -> "C:\Program Files\Acer\Empowering Technology\Service\ETService.exe" [24576 Ko]
[24/09/2009 15:55:30] - 3532 | C:\Windows\system32\wbem\unsecapp.exe (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.0.6002.18005) -> C:\Windows\system32\wbem\unsecapp.exe -Embedding [37888 Ko]
[24/09/2009 18:19:53] - 3228 | C:\Windows\system32\SLsvc.exe (.Microsoft Corporation - Service de gestion des licences Microsoft.) - (6.0.6002.18005) -> C:\Windows\system32\SLsvc.exe [3408896 Ko]

¤¤¤¤¤¤¤¤¤¤ | Winlogon utilisateur : OK !

¤¤¤¤¤¤¤¤¤¤ | Winlogon machine : OK !

Modifié : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0

¤¤¤¤¤¤¤¤¤¤ | Associations

Réparé : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L -> C:\Windows\Explorer.exe
¤ Réparé : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files\Internet Explorer\iexplore.exe"
Réparé : [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] : http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

¤¤¤¤¤¤¤¤¤¤ | Registre

Réparé : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Réparé : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Réparé : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Réparé : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Réparé : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Réparé : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Réparé : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Réparé : [HKU\S-1-5-21-2761906370-3171597575-3167059314-1000\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0

¤¤¤¤¤¤¤¤¤¤ | Accès au registre et au gestionnaire des taches

¤¤¤¤¤¤¤¤¤¤ | SafeBoot

Safeboot Keys are O.K
Alternate shell is OK !
¤ Repaired : [HKLM | Minimal\SRService] : -> Service
Repaired : [HKLM | Minimal\sr.sys] : -> FSFilter System Recovery
¤ Repaired : [HKLM | Network\rdpcdd.sys] : -> Driver

¤¤¤¤¤¤¤¤¤¤ | IFEO

¤¤¤¤¤¤¤¤¤¤ | Mountpoints2

Supprimé : HKU\S-1-5-21-2761906370-3171597575-3167059314-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{121b9a83-c41b-11df-ba1d-001d72d93525} | AutoRun\command : G:\LaunchU3.exe
Supprimé : HKU\S-1-5-21-2761906370-3171597575-3167059314-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{e22b014c-f562-11dd-b688-001d72d93525} | Auto\command : infrom.exe
Supprimé : HKU\S-1-5-21-2761906370-3171597575-3167059314-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{e22b014c-f562-11dd-b688-001d72d93525} | AutoRun\command : C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL infrom.exe

¤¤¤¤¤¤¤¤¤¤ | Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
Winsrv : OK !
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[Programs] : com exe bat pif cmd

¤¤¤¤¤¤¤¤¤¤ | Centre de sécurité

Réparé : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]|[EnableFirewall] : 1 -> 0
Réparé : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]|[EnableFirewall] : 1 -> 0
Réparé : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]|[EnableFirewall] : 1 -> 0

¤¤¤¤¤¤¤¤¤¤ | Correction des services

Impossible to restore service : EMDMGNT
Réparé : [agp440] : 3 -> 2
Réparé : [Browser] : 2 -> 3
Réparé : [EapHost] : 3 -> 2
Réparé : [SharedAccess] : 4 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Réparé : [HKU\S-1-5-21-2761906370-3171597575-3167059314-1000\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : http://www.google.com/ie -> http://www.google.com/
Réparé : [HKU\S-1-5-21-2761906370-3171597575-3167059314-1000\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com/webhp?rls=ig -> http://www.google.com/
Réparé : [HKU\S-1-5-21-2761906370-3171597575-3167059314-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://www.google.com -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Réparé : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://homepage.acer.com/rdr.aspx?b=ACAW&l=040c&s=2&o=vp32&d=1008&m=aspire_5735 -> http://go.microsoft.com/fwlink/?LinkId=69157
¤ Réparé : [HKU\S-1-5-21-2761906370-3171597575-3167059314-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[EnableHttp1_1] : 0 -> 1
Réparé : [HKU\S-1-5-21-2761906370-3171597575-3167059314-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Nettoyé

¤¤¤¤¤¤¤¤¤¤ | reparsepoint

¤¤¤¤¤¤¤¤¤¤ | Détection des offsets

¤¤¤¤¤¤¤¤¤¤ | Fichiers | Dossiers | Registre

Supprimé : C:\$Recycle.bin\S-1-5-21-2761906370-3171597575-3167059314-500
Supprimé : C:\$Recycle.bin\S-1-5-21-2761906370-3171597575-3167059314-1000
Déplacé en quarantaine avec succès : C:\Windows\system32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv -> C:\Windows\TEMP\{EEEF5DC5-1D81-4B43-A7C0-474A584C1AFA}.exe
Déplacé en quarantaine avec succès : C:\Windows\system32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv -> C:\Windows\TEMP\{CD7F8CE6-21DF-44BD-8652-3EF74B262323}.exe
Déplacé en quarantaine avec succès : C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
Déplacé en quarantaine avec succès : C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
Déplacé en quarantaine avec succès : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job
Déplacé en quarantaine avec succès : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineCore
Déplacé en quarantaine avec succès : C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job
Déplacé en quarantaine avec succès : C:\Windows\System32\Tasks\DealPlyLiveUpdateTaskMachineUA
Supprimé : HKLM\Software\Microsoft\Windows\CurrentVersion\Run : QuickTime Task -> "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Déplacé en quarantaine avec succès : C:\Users\jerome\AppData\Roaming\wklnhst.dat
Déplacé en quarantaine avec succès : C:\Users\Public\Desktop\Launch SP_Reventon.exe.lnk
Déplacé en quarantaine avec succès : C:\Users\Public\Desktop\Launch SpUsbInstaller.exe.lnk
Déplacé en quarantaine avec succès : C:\Users\jerome\AppData\Local\d3d9caps.dat
Déplacé en quarantaine avec succès : C:\Windows\System32\Config\SystemProfile\AppData\Local\d3d9caps.dat
Déplacé en quarantaine avec succès : C:\Windows\assembly\tmp\
Prefetch -> Nettoyé
D:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive D:] : Hidden : 2 | Restored : 2
~ [Drive C:] : Hidden : 4 | Restored : 4
~ [Program Files] : Hidden : 4 | Restored : 4
~ [Users] : Hidden : 2 | Restored : 2
~ [Music] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 3 | Restored : 3
~ [Searches] : Hidden : 2 | Restored : 2
~ [Favorites] : Hidden : 1 | Restored : 1
~ [Windows] : Hidden : 108 | Restored : 108
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [Libraries] : Hidden : 56 | Restored : 56

¤¤¤¤¤¤¤¤¤¤ | Contrôle des partitions

Disk: 0 Size=153G
Pos MBRndx Type/Name  Size  Active Hide Start Sector Sectors
--- ------ ---------- ----- ------ ---- ------------ ------------
 0  0      27-UNKNWN  10.0G No     No   2,048        20,480,000
 1  1      07-NTFS    71G   Yes    No   20,482,048   146,057,216
 2  2      07-NTFS    71G   No     No   166,539,264  146,038,784

¤¤¤¤¤¤¤¤¤¤

[HKLM | Winlogon] | AutoRestartShell : 0 -> 1

End : 18:30:07
Mise en veille restaurée

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 344