¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 3.1012 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 09:58:07
~ Update on 12/10/2013 | 16.25 by g3n-h@ckm@n
~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/

~ [nicole (Administrator)] - [MASTER-71A14E51]
~ SID = S-1-5-21-3833680965-1516322037-2618698031-1005
~ System : Microsoft Windows XP (32 bits) Service Pack 3
~ ProcessorNameString : Intel(R) Pentium(R) 4 CPU 2.00GHz
~ Identifier : x86 Family 15 Model 2 Stepping 7
~ Memory RAM = Total (MB) : 1039 | Free (MB) : 765
~ Pagefile = Total (MB) : 2517 | Free (MB) : 2358
~ Virtual = Total (MB) : 2097 | Free (MB) : 2012

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts

¤¤¤¤¤¤¤¤¤¤ | Drives

c:\-> [Fixed] | [] | Total : 38140 MB | Free : 23160 MB -> NTFS
d:\-> [Fixed] | [Documents] | Total : 40000 MB | Free : 5820 MB -> NTFS
e:\-> [CDROM] | [GRTMHOEM_FR] | Total : 570 MB | Free : 0 MB -> CDFS
f:\-> [Removable] | [saucy32] | Total : 7470 MB | Free : 6510 MB -> FAT32

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

Last detection : 2013-10-12 10:01:47
Last download : 2013-10-10 17:27:26
Last installation : 2013-10-10 18:36:55
Next search : 2013-10-13 07:47:28

¤¤¤¤¤¤¤¤¤¤ | services

SC: Security Center Service [Auto(2)] = Stopped
WU: Windows Update Service [Auto(2)] = Stopped

¤¤¤¤¤¤¤¤¤¤ | Sessions

~ C:\WINDOWS\system32\config\systemprofile
~ C:\Documents and Settings\LocalService
~ C:\Documents and Settings\NetworkService
~ C:\Documents and Settings\nicole
~ C:\Documents and Settings\Administrateur

New restorepoint created
Standby deleted !

¤¤¤¤¤¤¤¤¤¤ | stopped Processes

(1116) -- spoolsv.exe
(1732) -- explorer.exe
(208) -- mdm.exe
(284) -- NMSAccessU.exe
(1924) -- ctfmon.exe

¤¤¤¤¤¤¤¤¤¤ | Running processes

Boot : Normal

¤¤¤¤¤¤¤¤¤¤ | Winlogon User

OK !
¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine

OK !

¤¤¤¤¤¤¤¤¤¤ | Associations

Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe /idlist,%I,%L -> C:\WINDOWS\Explorer.exe
¤
Repaired : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=WDCXWD400BB-75FJA1_WD-WCAJC2710977&ts=1377532124 -> "C:\Program Files\Internet Explorer\iexplore.exe"
Repaired : [HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command] : "C:\Program Files\Google\Chrome\Application\chrome.exe" -> "C:\Documents and Settings\nicole\Local Settings\Application Data\Google\Chrome\Application\Chrome.exe"

¤¤¤¤¤¤¤¤¤¤ | Registry

Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0

¤¤¤¤¤¤¤¤¤¤ | Taskmgr and Registry Access

¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair

Safeboot Keys are O.K
Alternate shell is OK !
¤
Safeboot Minimal Subkeys : OK !
¤
Safeboot Network Subkeys : O.K !
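The IExplore.exe entry in the Associations section is the classic StartMenuInternet hijack: the launch command is unquoted and carries a search-engine URL (qvo6.com) as an argument, so every "Internet" click from the Start menu lands on the hijacker's page. The following Python is an added example written for this page, not Pre_Scan's code and not derived from it. It splits a Windows launch command into executable and arguments and flags two things: a URL passed as an argument, and an unquoted executable path containing spaces. The sample values are the three commands reported above (the Chrome one in its pre-repair form); on a live system they would be read from the registry, which this offline example does not do.

```python
import re

# Constructed sample: the launch commands reported in the log above, as they
# stood before Pre_Scan repaired them (the Chrome value is the pre-repair one).
SAMPLE_COMMANDS = {
    r"HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command":
        r"C:\Program Files\Internet Explorer\iexplore.exe "
        r"http://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor"
        r"&uid=WDCXWD400BB-75FJA1_WD-WCAJC2710977&ts=1377532124",
    r"HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command":
        r'"C:\Program Files\Google\Chrome\Application\chrome.exe"',
    r"HKCR\Folder\shell\open\command":
        r"%SystemRoot%\Explorer.exe /idlist,%I,%L",
}

URL_RE = re.compile(r"^(?:https?|ftp)://", re.IGNORECASE)
# Unquoted form: the executable is the shortest prefix ending in ".exe";
# whatever follows the next whitespace is the argument list.
UNQUOTED_EXE_RE = re.compile(r"^(.*?\.exe)(?:\s+(.*))?$", re.IGNORECASE | re.DOTALL)


def split_command(cmd):
    """Split a Windows launch command into (executable, [arguments]).

    A leading double-quoted token is the executable. Without quotes we take the
    shortest prefix ending in .exe; if there is none, the first space ends it.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end == -1:
            return cmd[1:], []
        return cmd[1:end], cmd[end + 1:].split()
    m = UNQUOTED_EXE_RE.match(cmd)
    if m:
        return m.group(1), (m.group(2) or "").split()
    exe, _, rest = cmd.partition(" ")
    return exe, rest.split()


def audit_command(cmd):
    """Return (executable, findings) for one launch command.

    Findings: a URL passed as an argument (the browser-hijacker pattern seen in
    the log), and an unquoted executable path containing spaces. The second is
    a finding in its own right: with no quotes, CreateProcess tries each
    space-delimited prefix in turn, so a planted C:\\Program.exe would win.
    """
    exe, args = split_command(cmd)
    findings = []
    if not cmd.lstrip().startswith('"') and " " in exe:
        findings.append("unquoted executable path contains spaces: " + exe)
    for arg in args:
        if URL_RE.match(arg):
            findings.append("URL passed as launch argument: " + arg)
    return exe, findings


def audit_all(commands):
    """Audit a {registry key: command} mapping; returns only keys with findings."""
    report = {}
    for key, cmd in commands.items():
        exe, findings = audit_command(cmd)
        if findings:
            report[key] = (exe, findings)
    return report


if __name__ == "__main__":
    for key, (exe, findings) in audit_all(SAMPLE_COMMANDS).items():
        print(key)
        for finding in findings:
            print("   ", finding)
```

Run as-is it reports only the IExplore.exe key, with both findings; the Explorer and Chrome commands pass. The repaired value Pre_Scan wrote, a quoted path with no arguments, is exactly what this check considers clean.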
¤¤¤¤¤¤¤¤¤¤ | IFEO

¤¤¤¤¤¤¤¤¤¤ | Mountpoints2

Deleted : HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\E | AutoRun\command : E:\setup.exe
Deleted : HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\Mountpoints2\{2c102f78-0c91-11e1-9426-000cf1e3f776} | AutoRun\command : G:\KODAK_Camera_Setup_App.exe

Contents of E:\Autorun.inf :

[AutoRun]
open=setup.exe
icon=setup.exe,0

Contents of F:\Autorun.inf :

[autorun]
open=wubi.exe
icon=wubi.exe,0
label=Install Ubuntu
[Content]
MusicFiles=false
PictureFiles=false
VideoFiles=false

¤¤¤¤¤¤¤¤¤¤ | Windows

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
Winsrv : OK !
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[Programs] : com exe bat pif cmd

¤¤¤¤¤¤¤¤¤¤ | Security Center

[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
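The Mountpoints2 entries are Explorer's cached record of what each removable volume's Autorun.inf asked it to run, and the two Autorun.inf listings are the raw files behind them. Further down the log, Pre_Scan "vaccinates" D:\ and F:\ against future Autorun.inf files. The Python below is an added example for this page, not Pre_Scan's code (the log does not say how its vaccine is built). It parses an Autorun.inf the way a triage script would, reporting every `open=`, `shellexecute=` and `shell\<verb>\command=` launch target, and implements the widely used vaccination technique of creating a directory named Autorun.inf at the volume root so that a file of that name cannot be dropped there. The E:\ and F:\ samples are copied from the log; the third sample, with junk lines and a shell verb, is constructed to show the lenient parsing.

```python
import re
from pathlib import Path

# Constructed samples: the two Autorun.inf files listed in the log above, plus
# one made up here with the junk lines and shell\verb\command form that
# malicious Autorun.inf files commonly use.
SAMPLE_E = "[AutoRun]\nopen=setup.exe\nicon=setup.exe,0\n"
SAMPLE_F = ("[autorun]\nopen=wubi.exe\nicon=wubi.exe,0\nlabel=Install Ubuntu\n"
            "[Content]\nMusicFiles=false\nPictureFiles=false\nVideoFiles=false\n")
SAMPLE_JUNK = (";padding\n[AuToRuN]\nxyzzy garbage line\nshellexecute=x.exe\n"
               "shell\\open\\command=y.exe /q\n")

LAUNCH_KEYS = ("open", "shellexecute")


def parse_autorun(text):
    """Lenient Autorun.inf parser.

    Section names and keys are case-insensitive, and lines that are neither a
    section header nor key=value are skipped: malicious Autorun.inf files are
    often padded with junk lines to evade signature matching, and Windows
    itself ignores such lines.
    """
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        m = re.match(r"^\[(.+?)\]$", line)
        if m:
            current = m.group(1).strip().lower()
            sections.setdefault(current, {})
            continue
        if "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def launch_targets(text):
    """Everything AutoRun/AutoPlay could execute from the [autorun] section:
    open=, shellexecute=, and any shell\\<verb>\\command= entries."""
    auto = parse_autorun(text).get("autorun", {})
    targets = [auto[k] for k in LAUNCH_KEYS if k in auto]
    targets += [v for k, v in auto.items()
                if k.startswith("shell\\") and k.endswith("\\command")]
    return targets


def vaccinate(volume_root):
    """Create a directory named Autorun.inf at the volume root so a file of the
    same name cannot be written there. Returns 'vaccinated',
    'already-vaccinated', or 'file-present' (a real Autorun.inf exists and
    must be examined and removed first, as Pre_Scan did for F:\\)."""
    path = Path(volume_root) / "Autorun.inf"
    if path.is_dir():
        return "already-vaccinated"
    if path.exists():
        return "file-present"
    path.mkdir()
    # Windows-only hardening step left out here: tools usually also create a
    # reserved-name entry inside the folder (e.g. "con" via the \\?\ prefix)
    # so the folder cannot be removed through normal file APIs.
    return "vaccinated"


def demo_vaccination():
    """Exercise vaccinate() on throwaway directories standing in for volume roots."""
    import tempfile
    with tempfile.TemporaryDirectory() as root:
        first, second = vaccinate(root), vaccinate(root)
    with tempfile.TemporaryDirectory() as root:
        (Path(root) / "Autorun.inf").write_text(SAMPLE_E)
        third = vaccinate(root)
    return first, second, third


if __name__ == "__main__":
    for name, text in (("E:", SAMPLE_E), ("F:", SAMPLE_F), ("junk", SAMPLE_JUNK)):
        print(name, "->", launch_targets(text))
    print(demo_vaccination())
```

Note the order Pre_Scan follows for F:\ in the log: delete the existing Autorun.inf first, then vaccinate. vaccinate() enforces that by refusing to act while a file is present, so the file gets looked at rather than silently replaced.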
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

¤¤¤¤¤¤¤¤¤¤ | Services Corrections

Repaired : [HKLM | Services\Parvdm] : 4 -> 2
Repaired : [HKLM | Services\Browser] : 2 -> 3
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\wudfsvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Repaired : [HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : http://www.google.com/ie -> http://www.google.com/
Repaired : [HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.fr/ -> http://www.google.com/
Repaired : [HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://www.google.com -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[SearchAssistant] : http://www.google.com/ -> http://www.google.com/ie
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://www.google.com -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\AboutURLs]|[Tabs] : http://www2.delta-search.com/?babsrc=NT_ss&mntrId=682A000CF1E3F776&affID=119357&tsp=5006 -> res://ieframe.dll/tabswelcome.htm
¤
Repaired : [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[MigrateProxy] : 0 -> 1
Repaired : [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[MigrateProxy] : 0 -> 1
Repaired : [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[MigrateProxy] : 0 -> 1
Repaired : [HKU\S-1-5-21-3833680965-1516322037-2618698031-1005\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\WINDOWS\System32\Drivers\etc\hosts : Cleaned

¤¤¤¤¤¤¤¤¤¤ | reparsepoint

¤¤¤¤¤¤¤¤¤¤ | Offsets detection

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry

Moved to quarantine successfully : C:\Recycler\S-1-5-21-3833680965-1516322037-2618698031-500\desktop.ini
Moved to quarantine successfully : C:\Recycler\S-1-5-21-3833680965-1516322037-2618698031-500\INFO2
Moved to quarantine successfully : C:\Recycler\S-1-5-21-3833680965-1516322037-2618698031-1005\desktop.ini
Moved to quarantine successfully : C:\Recycler\S-1-5-21-3833680965-1516322037-2618698031-1005\INFO2
Removed : C:\Recycler\S-1-5-21-3833680965-1516322037-2618698031-500
Removed : C:\Recycler\S-1-5-21-3833680965-1516322037-2618698031-1005
Moved to quarantine successfully : C:\WINDOWS\Tasks\User_Feed_Synchronization-{E3394553-DF35-4794-AB93-BD15F21F7D46}.job
Deleted : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run :
Deleted : HKLM\Software\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\RunOnce :
Deleted : [HKLM\Software\Microsoft\Command Processor]|[AutoRun] :
Moved to quarantine successfully : C:\Documents and Settings\nicole\Local Settings\Application Data\fusioncache.dat
Moved to quarantine successfully : C:\UNWISE.EXE
Moved to quarantine successfully : C:\NTUser.dat
Moved to quarantine successfully : C:\WINDOWS\assembly\tmp\9FLRX27C
Moved to quarantine successfully : C:\WINDOWS\assembly\tmp\5CHMRW28
Moved to quarantine successfully : C:\WINDOWS\assembly\tmp\R07DJPV1
Moved to quarantine successfully : C:\WINDOWS\assembly\tmp\Y6CIOU06
Moved to quarantine successfully : C:\Documents and Settings\nicole\Application Data\Sun\Java\Deployment\cache\
Prefetch -> Emptied
Suspect : C:\Documents and Settings\nicole\Application Data\Azureus\java.vmoptions
Suspect : C:\Documents and Settings\nicole\Application Data\Azureus\azureus.statistics
Suspect : C:\Documents and Settings\nicole\Application Data\Azureus\.lock
Suspect : C:\Documents and Settings\nicole\Application Data\Azureus\.keystore
Suspect : C:\Documents and Settings\nicole\Application Data\Winamp\studio.xnf
Suspect : C:\Documents and Settings\nicole\Application Data\Winamp\Winamp.q1
Suspect : C:\Documents and Settings\nicole\Application Data\Winamp\demo.mp3
Suspect : C:\Documents and Settings\nicole\Local Settings\Application Data\avgchrome\avgp
D:\ : Vaccinated (vaccine created by Pre_Scan)
F:\AutoRun.inf : Deleted
F:\ : Vaccinated (vaccine created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive D:] : Hidden : 451 | Restored : 451
~ [Drive F:] : Hidden : 1 | Restored : 1
~ [Program Files] : Hidden : 2 | Restored : 2
~ [Users] : Hidden : 2 | Restored : 2
~ [Desktop] : Hidden : 1 | Restored : 1
~ [Windows] : Hidden : 409 | Restored : 409

¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)

Disk: 0 Size= 38G

Pos  MBRndx  Type/Name   Size  Active  Hide  Start Sector  Sectors
---  ------  ----------  ----  ------  ----  ------------  ------------
 0     0     07-NTFS     38G   Yes     No    2,048         78,118,912

¤¤¤¤¤¤¤¤¤¤

[HKLM | Winlogon] | AutoRestartShell : 0 -> 1

End : 10:28:29

Standby Restored !

¤¤¤¤¤¤¤¤¤¤ | Attempt to restart stopped during the scan

Pre_Scan_Protect.exe Stopped successfully !

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 312