¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 4.02.12.3 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 06:59:21 Mis à jour le 12/02/2014 | 21.50 par g3n-h@ckm@n Contact : http://www.sosvirus.net/ Pre_Script Infos : http://gen-hackman.purforum.com/t49-5-les-switchs-du-script Pre_scan Feedbacks : http://gen-hackman.purforum.com/f10-pre_scan-feedbacks [Paret (Administrator)] - [PARET-PC] SID = S-1-5-21-1270109959-565829613-2920801804-1000 D‚marrage : Normal Système : Windows 7 Professional (64 bits) Professional Service Pack 1 ProcessorNameString : Intel(R) Pentium(R) CPU G2020 @ 2.90GHz Identifier : Intel64 Family 6 Model 58 Stepping 9 Mémoire RAM = Total (MB) : 4137 | Libre (MB) : 2880 Pagefile = Total (MB) : 8272 | Libre (MB) : 6873 Virtuelle = Total (MB) : 4194 | Libre (MB) : 4038 ¤¤¤¤¤¤¤¤¤¤ | Composants de démarrage ¤¤¤¤¤¤¤¤¤¤¤ | Péripheriques C:\-> [Fixed] | [] | Total : 484740 Mo | Libre : 412010 Mo -> NTFS D:\-> [Fixed] | [STOCKAGE] | Total : 469020 Mo | Libre : 239260 Mo -> NTFS F:\-> [Fixed] | [DISQUE DUR EXTERNE] | Total : 476940 Mo | Libre : 70350 Mo -> NTFS ¤¤¤¤¤¤¤¤¤¤ | Mises à jour Windows Aucune mise à jour détectée !!! ¤¤¤¤¤¤¤¤¤¤ | Sessions C:\Windows\system32\config\systemprofile C:\Windows\ServiceProfiles\LocalService C:\Windows\ServiceProfiles\NetworkService C:\Users\Paret Registre sauvegardé , pour restaurer : C:\Pre_Scan\Save\Scan\ERDNT.exe Mise en veille supprimée ! ¤¤¤¤¤¤¤¤¤¤ | Navigateurs IE : 11.0.9600.16428 (© Microsoft Corporation.) FF : 27.0.0.5140 (©Firefox and Mozilla Developers; available under the MPL 2 license.) GC : 31.0.1650.63 (Copyright 2012 Google Inc.) ¤¤¤¤¤¤¤¤¤¤ | FlashPlayer FlashPlayer Plugin : 11.9.900.170 ¤¤¤¤¤¤¤¤¤¤ | Security FW : WINDOWS Firewall ¤¤¤¤¤¤¤¤¤¤ | Processus stoppés 1580 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe 1596 | C:\Windows\system32\taskhost.exe (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) -> "taskhost.exe" 1816 | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (.Apple Inc. - YSLoader.exe.) - (17.327.4.11) -> "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" 1836 | C:\Windows\Explorer.EXE (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17567) -> C:\Windows\Explorer.EXE 1868 | C:\Program Files\Bonjour\mDNSResponder.exe (.Apple Inc. - Bonjour Service.) - (3.0.0.10) -> "C:\Program Files\Bonjour\mDNSResponder.exe" 1916 | C:\Program Files\Intel\iCLS Client\HeciServer.exe (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.24.738.1) -> "C:\Program Files\Intel\iCLS Client\HeciServer.exe" 1972 | C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (8.1.0.1265) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe" 2000 | C:\Windows\system32\msiexec.exe (.Microsoft Corporation - Installateur Windows®.) - (5.0.7601.17514) -> C:\Windows\system32\msiexec.exe /V 2692 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) -> taskeng.exe {698FFF82-133E-4BD3-869E-33DD121D29F2} 2924 | C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.791) -> "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s 2948 | C:\Users\Paret\AppData\Roaming\uTorrent\uTorrent.exe (.BitTorrent Inc. - µTorrent.) - (3.3.2.30260) -> "C:\Users\Paret\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED 2092 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding 1736 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe" 2144 | C:\Windows\system32\SearchProtocolHost.exe (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) -> "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" 3588 | C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (.Intel Corporation - Local Manageability Service.) - (8.1.0.1281) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" 3844 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (31.0.1650.63) -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" 4048 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (31.0.1650.63) -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3844.0.1256811111\1417754252" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,3,12,22 --gpu-vendor-id=1002 --gpu-device-id=6738 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=13.152.1.8000 --ignored=" --type=renderer " /prefetch:822062411 3876 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (31.0.1650.63) -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=fr --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/BrowserPreReadExperiment/100-pct-default/CookieRetentionPriorityStudy/ExperimentOn/DeferBackgroundExtensionCreation/RateLimited/ForceCompositingMode/thread/InstantExtended/Group1 pct:25 stable:r4 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/OmniboxBundledExperimentV1/StandardR2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group3/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_16/UMA-Uniformity-Trial-1-Percent/group_95/UMA-Uniformity-Trial-10-Percent/group_05/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_05/UMA-Uniformity-Trial-50-Percent/group_01/" --enable-threaded-compositing --extension-process --renderer-print-preview --disable-html-notifications --channel="3844.3.1312865609\1614686721" /prefetch:673131151 3028 | C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (.Intel Corporation - Intel(R) Management and Security Status.) - (8.1.0.1281) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup 1328 | C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (.Intel Corporation - User Notification Service.) - (8.1.0.1281) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" 3516 | C:\Windows\servicing\TrustedInstaller.exe (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (6.1.7601.17514) -> C:\Windows\servicing\TrustedInstaller.exe 3272 | C:\Windows\system32\wuauclt.exe (.Microsoft Corporation - Windows Update.) - (7.6.7600.256) -> "C:\Windows\system32\wuauclt.exe" ¤¤¤¤¤¤¤¤¤¤ | Processus en cours [14/07/2009 00:36:49] - 612 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) -> wininit.exe [96256 Ko] [14/07/2009 00:19:28] - 836 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch [20992 Ko] [14/07/2009 00:19:28] - 920 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS [20992 Ko] [14/07/2009 00:19:28] - 1020 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 Ko] [14/07/2009 00:19:28] - 496 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [20992 Ko] [14/07/2009 00:19:28] - 544 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService [20992 Ko] [14/07/2009 00:19:28] - 628 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs [20992 Ko] [14/07/2009 00:19:28] - 1088 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k GPSvcGroup [20992 Ko] [14/07/2009 00:19:28] - 1268 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkService [20992 Ko] [09/01/2014 17:36:22] - 1364 | C:\Program Files\AVAST Software\Avast\AvastSvc.exe (.AVAST Software - avast! Service.) - (9.0.2011.263) -> "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [50344 Ko] [14/07/2009 00:19:28] - 1660 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [20992 Ko] [14/07/2009 00:19:28] - 1260 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k imgsvc [20992 Ko] [14/07/2009 00:19:28] - 1356 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted [20992 Ko] [09/01/2014 17:36:22] - 2352 | C:\Program Files\AVAST Software\Avast\AvastUI.exe (.AVAST Software - avast! Antivirus.) - (9.0.2011.263) -> "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui [3764024 Ko] [14/07/2009 00:19:28] - 1956 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [20992 Ko] [14/07/2009 00:19:28] - 3648 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k secsvcs [20992 Ko] [21/11/2010 04:24:27] - 3064 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\Windows\system32\wbem\wmiprvse.exe [257536 Ko] [15/02/2014 06:55:12] - 3196 | C:\Users\Paret\Downloads\winlogon.exe (. - Pre_Scan.) - (4.2.12.3) -> "C:\Users\Paret\Downloads\winlogon.exe w,e" [2919936 Ko] [19/06/2012 18:10:34] - 1720 | C:\Program Files\Intel\iCLS Client\HeciServer.exe (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.24.738.1) -> "C:\Program Files\Intel\iCLS Client\HeciServer.exe" [634632 Ko] [08/08/2013 14:03:02] - 1820 | C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (.Intel Corporation - Local Manageability Service.) - (8.1.0.1281) -> "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe" [277824 Ko] [21/11/2010 04:25:05] - 1976 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1525248 Ko] [09/09/2013 13:07:06] - 3024 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding [427520 Ko] [07/01/2014 02:32:26] - 3496 | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (.Apple Inc. - YSLoader.exe.) - (17.327.4.11) -> "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [43336 Ko] [21/11/2010 04:24:28] - 2176 | C:\Windows\system32\msiexec.exe (.Microsoft Corporation - Installateur Windows®.) - (5.0.7601.17514) -> C:\Windows\system32\msiexec.exe /V [73216 Ko] [21/11/2010 04:24:03] - 3904 | C:\Windows\servicing\TrustedInstaller.exe (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (6.1.7601.17514) -> C:\Windows\servicing\TrustedInstaller.exe [194048 Ko] [21/11/2010 04:23:53] - 1564 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) -> taskeng.exe {5750CCDD-BFF1-4B05-8B3E-0D525802671B} [192000 Ko] ¤¤¤¤¤¤¤¤¤¤ | Winlogon utilisateur : OK ! ¤¤¤¤¤¤¤¤¤¤ | Winlogon machine Modifié : [HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0 Réparé : [HKLM | Winlogon]|[userinit] : userinit.exe, -> C:\Windows\SysWOW64\userinit.exe, ¤¤¤¤¤¤¤¤¤¤ | Associations Réparé : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe -> C:\Windows\Explorer.exe ¤ Réparé : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files (x86)\Internet Explorer\iexplore.exe -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe" Réparé : [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] : http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s Réparé : [HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] : http://www.fileextensionpro.com/redir.aspx?s=bu10_0_0_0_0,c088aef5-4408-4eae-a163-fc389cf2275f,&LangID=%04x&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s ¤¤¤¤¤¤¤¤¤¤ | Registre Réparé : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0 Réparé : [HKLM64\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0 Réparé : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0 Réparé : [HKLM64\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0 Réparé : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0 Réparé : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0 Réparé : [HKLM64\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0 Réparé : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0 Réparé : [HKLM64\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0 Réparé : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0 Réparé : [HKLM64\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0 Réparé : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0 Réparé : [HKLM\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoActiveDesktop] : 1 -> 0 Réparé : [HKLM\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoActiveDesktopChanges] : 1 -> 0 Réparé : [HKU\S-1-5-21-1270109959-565829613-2920801804-1000\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0 Réparé : [HKU\S-1-5-21-1270109959-565829613-2920801804-1000\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0 Réparé : [HKU\S-1-5-21-1270109959-565829613-2920801804-1000\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 1 -> 0 Réparé : [HKU\S-1-5-21-1270109959-565829613-2920801804-1000\software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel]|[AllItemsIconView] : 0 -> 1 ¤¤¤¤¤¤¤¤¤¤ | Accès au registre et au gestionnaire des taches ¤¤¤¤¤¤¤¤¤¤ | SafeBoot Safeboot Keys are O.K Alternate shell is OK ! ¤ Safeboot Minimal Subkeys : O.K ! ¤ Safeboot Network Subkeys : O.K ! ¤¤¤¤¤¤¤¤¤¤ | IFEO ¤¤¤¤¤¤¤¤¤¤ | Mountpoints2 Supprimé : HKU\S-1-5-21-1270109959-565829613-2920801804-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{a6f749b7-444f-11e3-9427-94de80287dbf} | AutoRun\command : G:\setup.exe ¤¤¤¤¤¤¤¤¤¤ | Windows [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon Winsrv : OK ! [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : c:\progra~2\sk-enh~1\psupport.dll [HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1 [HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1 ¤¤¤¤¤¤¤¤¤¤ | Centre de sécurité Réparé : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]|[EnableFirewall] : 1 -> 0 Réparé : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]|[EnableFirewall] : 1 -> 0 Réparé : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]|[EnableFirewall] : 1 -> 0 ¤¤¤¤¤¤¤¤¤¤ | Correction des services Réparé : [Compbatt] : 3 -> 0 Réparé : [agp440] : 3 -> 2 Réparé : [EapHost] : 3 -> 2 Réparé : [Wlansvc] : 3 -> 2 Réparé : [SharedAccess] : 4 -> 2 Réparé : [wudfsvc] : 3 -> 2 Réparé : [WerSvc] : 3 -> 2 ¤¤¤¤¤¤¤¤¤¤ | Internet Explorer Supprimé : S-1-5-21-1270109959-565829613-2920801804-1000 : Proxyserver -> :0 ¤ Réparé : [HKU\S-1-5-21-1270109959-565829613-2920801804-1000\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : Preserve -> http://www.google.com/ Réparé : [HKU\S-1-5-21-1270109959-565829613-2920801804-1000\Software\Microsoft\Internet Explorer\Main]|[Start Page] : https://www.google.fr/ -> http://www.google.com/ Réparé : [HKU\S-1-5-21-1270109959-565829613-2920801804-1000\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm Réparé : [HKU\S-1-5-21-1270109959-565829613-2920801804-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://www.awesomehp.com/web/?type=ds&ts=1392042610&from=ild&uid=WDCXWD10EARS-00Y5B1_WD-WCAV5H93345533455&q={searchTerms} -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch Réparé : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://go.microsoft.com/fwlink/?LinkId=69157 Réparé : [HKLM64\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157 Réparé : [HKLM64\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm Réparé : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Search_URL] : http://www.google.com -> http://go.microsoft.com/fwlink/?LinkId=54896 Réparé : [HKLM64\Software\Microsoft\Internet Explorer\Main]|[Default_Search_URL] : http://www.awesomehp.com/web/?type=ds&ts=1392042610&from=ild&uid=WDCXWD10EARS-00Y5B1_WD-WCAV5H93345533455&q={searchTerms} -> http://go.microsoft.com/fwlink/?LinkId=54896 Réparé : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://www.google.com -> http://go.microsoft.com/fwlink/?LinkId=69157 Réparé : [HKLM64\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157 Réparé : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://www.google.com -> http://go.microsoft.com/fwlink/?LinkId=54896 Réparé : [HKLM64\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://www.awesomehp.com/web/?type=ds&ts=1392042610&from=ild&uid=WDCXWD10EARS-00Y5B1_WD-WCAV5H93345533455&q={searchTerms} -> http://go.microsoft.com/fwlink/?LinkId=54896 Réparé : [HKLM\Software\Microsoft\Internet Explorer\AboutURLs]|[Tabs] : http://www.google.com -> res://ieframe.dll/tabswelcome.htm ¤ Réparé : [HKU\S-1-5-21-1270109959-565829613-2920801804-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1 ¤¤¤¤¤¤¤¤¤¤ | Hosts C:\Windows\System32\Drivers\etc\hosts : Nettoyé ¤¤¤¤¤¤¤¤¤¤ | reparsepoint ¤¤¤¤¤¤¤¤¤¤ | Détection des offsets ¤¤¤¤¤¤¤¤¤¤ | Fichiers | Dossiers | Registre Supprimé : C:\$Recycle.bin\S-1-5-21-1270109959-565829613-2920801804-1000 Supprimé : HKU\S-1-5-21-1270109959-565829613-2920801804-1000\Software\AVS4YOU Supprimé : HKLM\Software\EnigmaSoftwareGroup Déplacé en quarantaine avec succès : C:\Users\Paret\AppData\Local\microsoft\windows\WebCacheLock.dat Déplacé en quarantaine avec succès : C:\Windows\assembly\tmp\ Déplacé en quarantaine avec succès : C:\Users\Paret\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 Déplacé en quarantaine avec succès : C:\Users\Paret\AppData\LocalLow\Sun\Java\Deployment\cache\security Prefetch -> Nettoyé D:\ : Vaccinated (Vaccin created by Pre_Scan) F:\ : Vaccinated (Vaccin created by Pre_Scan) ¤¤¤¤¤¤¤¤¤¤ | Hidden files ~ [Drive D:] : Hidden : 1965 | Restored : 1965 ~ [Drive F:] : Hidden : 665 | Restored : 665 ~ [Drive C:] : Hidden : 1 | Restored : 1 ~ [Program Files] : Hidden : 3 | Restored : 3 ~ [Users] : Hidden : 1 | Restored : 1 ~ [Searches] : Hidden : 2 | Restored : 2 ~ [Windows] : Hidden : 48 | Restored : 48 ~ [Libraries] : Hidden : 33 | Restored : 33 ¤¤¤¤¤¤¤¤¤¤ | Contrôle des partitions Disk: 0 Size=954G Pos MBRndx Type/Name Size Active Hide Start Sector Sectors --- ------ ---------- ---- ------ ---- ------------ ------------ 0 0 07-NTFS 100M Yes No 2,048 204,800 1 1 07-NTFS 485G No No 206,848 992,751,616 2 2 07-NTFS 469G No No 992,958,464 960,561,152 ¤¤¤¤¤¤¤¤¤¤ [HKLM64 | Winlogon] | AutoRestartShell : 0 -> 1 End : 07:10:26 Mise en veille restaurée ¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 310