¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 3.0930 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 15:32:10
~ Update on 30/09/2013 | 14.30 by g3n-h@ckm@n
~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/
~ [jean-luc (Administrator)] - [PC]
~ SID = S-1-5-21-1651166802-1394991382-2779287920-1001
~ System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
~ ProcessorNameString : AMD Athlon(tm) II Dual-Core M320
~ Identifier : AMD64 Family 16 Model 6 Stepping 2
~ Memory RAM = Total (MB) : 3928 | Free (MB) : 2949
~ Pagefile = Total (MB) : 7855 | Free (MB) : 6806
~ Virtual = Total (MB) : 4194 | Free (MB) : 4060

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts
C:\Windows\Setup\Scripts\OOBE.cmd

¤¤¤¤¤¤¤¤¤¤ | Drives
c:\-> [Fixed] | [] | Total : 462610 Mo | Free : 409220 Mo -> NTFS
d:\-> [Fixed] | [RECOVERY] | Total : 14020 Mo | Free : 2330 Mo -> NTFS
e:\-> [Fixed] | [HP_TOOLS] | Total : 100 Mo | Free : 90 Mo -> FAT32

¤¤¤¤¤¤¤¤¤¤ | Windows Updates
No windows updates detected !!!

¤¤¤¤¤¤¤¤¤¤ | Security
AV : Norton Internet Security Disabled
AS : Norton Internet Security Enabled
FW : Norton Internet Security Disabled

¤¤¤¤¤¤¤¤¤¤ | services
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ | Sessions
~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\jean-luc
New restorepoint created
Standby deleted !

¤¤¤¤¤¤¤¤¤¤ | stopped Processes
752 | C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE (.Enigma Software Group USA, LLC. - Service scanner interface.) - (1.0.40.23) -> C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
836 | C:\Windows\system32\atiesrxx.exe (.AMD - AMD External Events Service Module.) - (6.14.11.1033) -> C:\Windows\system32\atiesrxx.exe
184 | C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe (.IDT, Inc. - IDT PC Audio.) - (1.0.6225.0) -> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
1104 | C:\Windows\system32\Hpservice.exe (.Hewlett-Packard - HpService.) - (4.0.2.1) -> C:\Windows\system32\Hpservice.exe
1312 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) -> taskeng.exe {2085BB95-08B1-46AA-AB78-B1DD964B1FFE}
1336 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe
1472 | C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe (.Andrea Electronics Corporation - Andrea filters APO access service (64-bit).) - (1.0.64.7) -> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
1516 | C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (. - .) - (2.6.1519.190) -> C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
1568 | C:\Windows\system32\atieclxx.exe (.AMD - AMD External Events Client Module.) - (6.14.11.1033) -> atieclxx
1832 | C:\Windows\system32\dmwu.exe (. - .) - (4.0.1.0) -> C:\Windows\system32\dmwu.exe
1860 | C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (.Hewlett-Packard Company - LightScribe Service.) - (1.18.8.1) -> "C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
2008 | C:\Windows\system32\taskhost.exe (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) -> "taskhost.exe"
2044 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) -> taskeng.exe {B9796E53-97F3-4DC9-BF91-3D6F50B792AE}
1564 | C:\Windows\Explorer.EXE (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17567) -> C:\Windows\Explorer.EXE
2108 | C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (. - RichVideo Module.) - (2.0.0.3027) -> "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
2144 | C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (.Microsoft Corp. - Microsoft SeaPort Search Enhancement Broker.) - (1.2.123.0) -> "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
2156 | C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe (.Enigma Software Group USA, LLC. - SpyHunter4 application.) - (4.9.12.4023) -> "C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe" /s
2228 | C:\Users\jean-luc\AppData\Local\tuto4pc_fr_49\supt4pc_fr_49.exe (. - .) - (0.0.0.0) -> C:\Users\jean-luc\AppData\Local\tuto4pc_fr_49\supt4pc_fr_49.exe
2256 | C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (. - .) - (2.6.1519.190) -> "C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe" /PROTECT
2492 | C:\Program Files (x86)\Tor\tor.exe (. - .) - (0.0.0.0) -> "C:\Program Files (x86)\Tor\tor.exe" --nt-service "-ControlPort" "9051"
2528 | C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (.Wajam - Auto-updater.) - (1.0.0.5) -> "C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe"
2948 | C:\Windows\SysWOW64\jmdp\stij.exe (. - .) - (0.0.0.0) -> "C:\Windows\SysWOW64\jmdp\stij.exe"
1644 | C:\Users\jean-luc\AppData\Local\tuto4pc_fr_33\upt4pc_fr_33.exe (. - .) - (1.0.0.1) -> "C:\Users\jean-luc\AppData\Local\tuto4pc_fr_33\upt4pc_fr_33.exe" -runhelper
324 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) -> taskeng.exe {52107423-4187-4EA7-B815-8980379ED42B}
2968 | c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe (.CyberLink Corp. - HP MediaSmart TV Resident Program.) - (3.1.1.2206) -> "c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe"
1552 | c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (.CyberLink - CyberLink MediaLibray Service.) - (4.3.3318.0) -> "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
1116 | C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (.Synaptics Incorporated - Synaptics TouchPad Enhancements.) - (13.2.4.12) -> "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
2960 | C:\Program Files\IDT\WDM\sttray64.exe (.IDT, Inc. - IDT PC Audio.) - (1.0.6225.0) -> "C:\Program Files\IDT\WDM\sttray64.exe"
992 | C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (. - SmartMenu.) - (3.1.0.1) -> "C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" /background
1280 | C:\Program Files\Java\jre6\bin\jusched.exe (.Sun Microsystems, Inc. - Java(TM) Platform SE binary.) - (6.0.150.3) -> "C:\Program Files\Java\jre6\bin\jusched.exe"
872 | C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (.Hewlett-Packard Company - .) - (1.18.8.1) -> "C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
2740 | C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (.Hewlett-Packard - HP Advisor.) - (3.3.9512.3162) -> "C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" view=DOCKVIEW
2736 | C:\Program Files (x86)\Skype\Phone\Skype.exe (.Skype Technologies S.A. - Skype .) - (4.0.0.227) -> "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
3204 | C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (. Hewlett-Packard Development Company, L.P. - Quick Launch Buttons.) - (6.5.5.1) -> "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe" /Start
3268 | C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (.Hewlett-Packard - hpwuSchd Application.) - (80.1.0.0) -> "C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe"
3280 | C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (.Hewlett-Packard - HP Wireless Assistant Main Program.) - (3.5.9.1) -> "C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe"
3304 | C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) - (2.0.5.1) -> "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
3312 | C:\Program Files (x86)\tuto4pc_fr_33\tuto4pc_fr_33.exe (. - .) - (0.0.0.0) -> "C:\Program Files (x86)\tuto4pc_fr_33\tuto4pc_fr_33.exe"
3336 | C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe (.SweetIM Technologies Ltd. - SweetIM Instant Messenger Enhancer.) - (3.7.0.7) -> "C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe"
3360 | C:\Program Files (x86)\tuto4pc_fr_49\tuto4pc_fr_49.exe (. - .) - (0.0.0.0) -> "C:\Program Files (x86)\tuto4pc_fr_49\tuto4pc_fr_49.exe"
3408 | C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (.Synaptics Incorporated - Synaptics Pointing Device Helper.) - (13.2.4.12) -> "C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
3684 | C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (.Microsoft Corporation - Windows Live Messenger.) - (14.0.8089.726) -> "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
3864 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding
3988 | C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (.Hewlett-Packard Development Company, L.P. - hpqwmiex Module.) - (2.0.14.1) -> "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
3388 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe"
3780 | C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (.Hewlett-Packard Development Company, L.P. - Com for QLB application.) - (6.5.2.1) -> "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"
1968 | C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (2.0.0.0) -> "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
4044 | C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (.ATI Technologies Inc. - Catalyst Control Centre: Host application.) - (2.0.0.0) -> "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
4888 | C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (. - HpqToaster Module.) - (3.0.24.1) -> "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe" -Embedding
1972 | C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (.Hewlett-Packard - HP Health Check Service.) - (3.1.7.1) -> "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
3716 | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.5011) -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
5700 | C:\Program Files (x86)\Mozilla Firefox\firefox.exe (.Mozilla Corporation - Firefox.) - (1.9.2.3989) -> "C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
6084 | C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (.Mozilla Corporation - Plugin Container for Firefox.) - (1.9.2.3989) -> "C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=5700.962c3c0.1343595208 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" 5700 plugin \\.\pipe\gecko-crash-server-pipe.5700
6116 | C:\Users\jean-luc\AppData\Local\tuto4pc_fr_33\upt4pc_fr_33.exe (. - .) - (1.0.0.1) -> "C:\Users\jean-luc\AppData\Local\tuto4pc_fr_33\upt4pc_fr_33.exe" -runupdate
2904 | C:\Users\jean-luc\AppData\Local\tuto4pc_fr_33\Download\majt4pcfr.exe (.Tuto4pc - Tuto4pc Setup .) - (0.0.0.0) -> go=ofcourse country_id=FR product_id=UPD version_id=1306fr33 softs=qvo6,im,wajam,delta majvalue=13.09.06.0
5476 | C:\Users\jean-luc\AppData\Local\Temp\is-M7BC9.tmp\majt4pcfr.tmp (. - Setup/Uninstall.) - (51.52.0.0) -> "C:\Users\jean-luc\AppData\Local\Temp\is-M7BC9.tmp\majt4pcfr.tmp" /SL5="$50386,3917965,56832,C:\Users\jean-luc\AppData\Local\tuto4pc_fr_33\Download\majt4pcfr.exe" go=ofcourse country_id=FR product_id=UPD version_id=1306fr33 softs=qvo6,im,wajam,delta majvalue=13.09.06.0

¤¤¤¤¤¤¤¤¤¤ | Running processes
Boot : Normal
[24/04/2013 21:40:59] - 280 | C:\Windows\System32\smss.exe (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.18113) -> \SystemRoot\System32\smss.exe [112640 Ko]
[14/07/2009 01:19:49] - 384 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [7680 Ko]
[14/07/2009 01:52:37] - 436 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) -> wininit.exe [129024 Ko]
[14/07/2009 01:19:49] - 460 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [7680 Ko]
[14/07/2009 01:19:46] - 504 | C:\Windows\system32\services.exe (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7600.16385) -> C:\Windows\system32\services.exe [328704 Ko]
[30/01/2012 15:36:40] - 520 | C:\Windows\system32\lsass.exe (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.17725) -> C:\Windows\system32\lsass.exe [31232 Ko]
[30/05/2011 18:15:26] - 528 | C:\Windows\system32\lsm.exe (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) -> C:\Windows\system32\lsm.exe [343040 Ko]
[30/05/2011 18:15:27] - 592 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.17514) -> winlogon.exe [390656 Ko]
[14/07/2009 01:31:13] - 688 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch [27136 Ko]
[14/07/2009 01:31:13] - 788 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS [27136 Ko]
[14/07/2009 01:31:13] - 908 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 Ko]
[14/07/2009 01:31:13] - 940 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [27136 Ko]
[14/07/2009 01:31:13] - 968 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService [27136 Ko]
[14/07/2009 01:31:13] - 1000 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs [27136 Ko]
[14/07/2009 01:31:13] - 1160 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkService [27136 Ko]
[14/07/2009 01:31:13] - 1384 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [27136 Ko]
[14/07/2009 01:31:13] - 1808 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [27136 Ko]
[14/07/2009 01:37:38] - 1260 | C:\Windows\system32\Dwm.exe (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) -> "C:\Windows\system32\Dwm.exe" [120320 Ko]
[13/10/2011 20:47:24] - 1432 | C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe (.Symantec Corporation - Symantec Service Framework.) - (109.0.4.9) -> "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe" /s "NIS" /m "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll" /prefetch:1 [126400 Ko]
[13/10/2011 20:47:24] - 2136 | C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe (.Symantec Corporation - Symantec Service Framework.) - (109.0.4.9) -> "C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe" /c /a /s UserSession [126400 Ko]
[14/07/2009 01:31:13] - 4916 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServicePeerNet [27136 Ko]
[14/07/2009 01:31:13] - 5456 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k secsvcs [27136 Ko]
[30/09/2013 15:16:35] - 5436 | C:\Users\jean-luc\Downloads\winlogon.exe (. - g3n-h@ckm@n.) - (3.0.9.30) -> "C:\Users\jean-luc\Downloads\winlogon.exe /w,e" [2571843 Ko]
[30/05/2011 18:15:33] - 5288 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\Windows\system32\wbem\wmiprvse.exe [372736 Ko]
[16/09/2013 15:48:34] - 5232 | C:\Pre_Scan\Process\Pre_Scan_Protect.exe (. - g3n-h@ckm@n.) - (3.0.9.16) -> "C:\Pre_Scan\Process\Pre_Scan_Protect.exe /p" [312669 Ko]

¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !

¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine
Repaired : [HKLM | Winlogon]|[userinit] : userinit.exe -> C:\Windows\SysWOW64\userinit.exe,
Repaired : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]|[userinit] : C:\Windows\SysWOW64\userinit.exe, -> C:\Windows\System32\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ | Associations
Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe -> C:\Windows\Explorer.exe
¤ Repaired : [HKLM\Software\Clients\StartMenuInternet\Firefox.exe\shell\open\command] : C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
Repaired : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

¤¤¤¤¤¤¤¤¤¤ | Registry
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoActiveDesktop] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoActiveDesktopChanges] : 1 -> 0
Repaired : [HKU\S-1-5-21-1651166802-1394991382-2779287920-1001\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0
Repaired : [HKU\S-1-5-21-1651166802-1394991382-2779287920-1001\software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel]|[AllItemsIconView] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Taskmgr and Registry Access

¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair
Safeboot Keys are O.K
Alternate shell is OK !
¤ Safeboot Minimal Subkeys : O.K !
¤ Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ | IFEO

¤¤¤¤¤¤¤¤¤¤ | Mountpoints2

¤¤¤¤¤¤¤¤¤¤ | Windows
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
Winsrv : OK !
Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll -> [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1
Repaired : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll -> [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1

¤¤¤¤¤¤¤¤¤¤ | Security Center

¤¤¤¤¤¤¤¤¤¤ | Services Corrections
Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\SharedAccess] : 4 -> 2
Repaired : [HKLM | Services\wudfsvc] : 3 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer
Repaired : [HKU\S-1-5-21-1651166802-1394991382-2779287920-1001\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Repaired : [HKU\S-1-5-21-1651166802-1394991382-2779287920-1001\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
¤ Repaired : [HKU\S-1-5-21-1651166802-1394991382-2779287920-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts
C:\Windows\System32\Drivers\etc\hosts : Cleaned

¤¤¤¤¤¤¤¤¤¤ | reparsepoint

¤¤¤¤¤¤¤¤¤¤ | Offsets detection