¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 3.0914 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 12:57:19
~ Update on 14/09/2013 | 10.55 by g3n-h@ckm@n
~ Evolution : http://security-helpzone.com/gen-hackman/pre_scan-2/changelog/2013-2/
~ Pre_Script Infos : http://security-helpzone.com/gen-hackman/pre_scan-2/les-switchs-pre_script/
~ Pre_scan Feedbacks : http://security-helpzone.com/gen-hackman/pre_scan-2/retours-bugs/
~ [Otmane (Administrator)] - [OTMANE-PC]
~ SID = S-1-5-21-1965174108-2279339805-2271439124-1000
~ System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
~ ProcessorNameString : Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
~ Identifier : Intel64 Family 6 Model 37 Stepping 5
~ Memory RAM = Total (MB) : 4043 | Free (MB) : 2973
~ Pagefile = Total (MB) : 8085 | Free (MB) : 6718
~ Virtual = Total (MB) : 4194 | Free (MB) : 4059

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts

C:\Windows\Setup\Scripts\readme.txt
C:\Windows\Setup\Scripts\labelc2rdrive.exe
C:\Windows\Setup\Scripts\labelc2rdrive.exe.config
C:\Windows\Setup\Scripts\SetupComplete.cmd
C:\Windows\Setup\Scripts\oobe.cmd

¤¤¤¤¤¤¤¤¤¤ | Drives

c:\-> [Fixed] | [OS] | Total : 122570 Mo | Free : 10250 Mo -> NTFS
d:\-> [Fixed] | [Data] | Total : 332370 Mo | Free : 52170 Mo -> NTFS
e:\-> [CDROM] | [Audio CD]

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

No windows updates detected !!!

¤¤¤¤¤¤¤¤¤¤ | services

WU: Windows Update Service [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Stopped

¤¤¤¤¤¤¤¤¤¤ | Sessions

~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\Otmane
~ C:\Users\Invité

New restorepoint created
Standby deleted !

¤¤¤¤¤¤¤¤¤¤ | stopped Processes

1004 | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.5011) -> C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
536 | C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (.COMODO - COMODO Internet Security.) - (6.2.23257.2860) -> "C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe"
1112 | C:\Windows\system32\atiesrxx.exe (.AMD - AMD External Events Service Module.) - (6.14.11.1069) -> C:\Windows\system32\atiesrxx.exe
1504 | C:\Windows\system32\atieclxx.exe (.AMD - AMD External Events Client Module.) - (6.14.11.1069) -> atieclxx
1856 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe
1244 | C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.7.4.0) -> "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
2124 | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (.Apple Inc. - MobileDeviceService.) - (17.96.2.2) -> "C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
2208 | C:\Windows\system32\taskhost.exe (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) -> "taskhost.exe"
2224 | C:\Windows\system32\taskeng.exe (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) -> taskeng.exe {59E0B664-0764-4BE3-90CE-98F312DCEE43}
2248 | c:\program files\soluto\soluto.exe (.Soluto - Soluto.) - (1.3.1140.0) -> "c:\program files\soluto\soluto.exe" /userinit
2432 | C:\Windows\Explorer.EXE (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17567) -> C:\Windows\Explorer.EXE
2516 | C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe (. - ALU.) - (1.0.0.1) -> "C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
2648 | C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (.Microsoft Corporation - Microsoft Application Virtualization Virtual Service Agent.) - (4.6.3.24650) -> "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
3120 | C:\Program Files\Soluto\SolutoLauncherService.exe (.Soluto - Soluto Launcher Service.) - (1.3.1140.0) -> "C:\Program Files\Soluto\SolutoLauncherService.exe"
3168 | C:\Program Files\Soluto\SolutoService.exe (.Soluto - Soluto.) - (1.3.1140.0) -> "C:\Program Files\Soluto\SolutoService.exe"
3264 | C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (.Microsoft Corporation - Microsoft Application Virtualization Client Service.) - (4.6.3.24650) -> "C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
3504 | C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (.Microsoft Corporation - Microsoft Office Client Virtualization Service .) - (14.0.7101.5000) -> "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
4068 | C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe (.COMODO - COMODO Internet Security.) - (6.2.20728.2847) -> "C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe" /ModeAvMonitor -Embedding
1920 | C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe"
3860 | C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
564 | C:\Program Files\Microsoft Security Client\msseces.exe (.Microsoft Corporation - Microsoft Security Client User Interface.) - (4.3.215.0) -> "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
3916 | C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe (.COMODO - COMODO Internet Security.) - (6.2.23257.2860) -> "C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe"
4152 | C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe (.Hewlett-Packard Co. - ScanToPCActivationApp.) - (25.0.571.0) -> "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN29J1GHY705WK:NW" -scfn "HP Deskjet 3050A J611 series (NET)" -AutoStart 1
4164 | C:\Program Files (x86)\uTorrent\uTorrent.exe (.BitTorrent, Inc. - µTorrent.) - (2.2.1.25130) -> "C:\Program Files (x86)\uTorrent\uTorrent.exe"
4596 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (29.0.1547.66) -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
4604 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding
4852 | C:\Users\Otmane\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (.Spotify Ltd - SpotifyWebHelper.) - (0.9.1.57) -> "C:\Users\Otmane\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
5020 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe"
3544 | C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe (.SRS Labs, Inc. - SRS Premium Panel.) - (1.6.24.0) -> "C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip /h
1772 | C:\Windows\system32\RunDll32.exe (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.1.7600.16385) -> "C:\Windows\system32\RunDll32.exe" "C:\Program Files\HP\HP Deskjet 3050A J611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN29J1GHY705WK;CONNECTION=NW;MONITOR=1;
4416 | C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (. - Wireless Console 3.) - (3.0.12.0) -> "C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
4464 | C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (.Hewlett-Packard - hpwuSchd Application.) - (80.1.1.0) -> "C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe"
2376 | C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (.OpenOffice.org - OpenOffice.org 3.4.1.) - (3.4.9593.500) -> "C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
5508 | C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (.asus - ControlDeck.) - (1.0.8.1) -> "C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe"
5584 | C:\Windows\AsScrPro.exe (.ASUS - AsScrPro.) - (1.0.0.7) -> "C:\Windows\AsScrPro.exe"
5652 | C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (. - DivX Update.) - (1.0.6.105) -> "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
5664 | C:\Program Files (x86)\iTunes\iTunesHelper.exe (.Apple Inc. - iTunesHelper.) - (11.0.5.5) -> "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
6096 | C:\Program Files\iPod\bin\iPodService.exe (.Apple Inc. - iPodService Module (64-bit).) - (11.0.5.5) -> "C:\Program Files\iPod\bin\iPodService.exe"
3656 | C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (.OpenOffice.org - OpenOffice.org 3.4.1.) - (3.4.9593.500) -> "C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
5412 | C:\Program Files\COMODO\COMODO Internet Security\cis.exe (.COMODO - COMODO Internet Security.) - (6.2.23257.2860) -> "C:\Program Files\COMODO\COMODO Internet Security\cis.exe" --alertsUI
5604 | C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (.Google Inc. - Google Chrome.) - (29.0.1547.66) -> "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll" --lang=fr --channel="4596.10.264527437\1612767600" /prefetch:-390060480
6040 | C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe (. - .) - (1.2.1.241) -> "C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe"
6664 | C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (.Google Inc. - Programme d'installation de Google.) - (1.2.183.9) -> "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
6816 | C:\Program Files\Bonjour\mDNSResponder.exe (.Apple Inc. - Bonjour Service.) - (3.0.0.10) -> "C:\Program Files\Bonjour\mDNSResponder.exe"
7068 | C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (.Freemake - FreemakeUtilsService.) - (1.0.0.0) -> "C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe"
5936 | C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (.Microsoft - CaptureLibService.) - (1.0.0.0) -> "C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe"
2956 | C:\Program Files\Elantech\ETDCtrl.exe (.ELAN Microelectronic Corp. - ETD Control Center.) - (7.0.6.5) -> "C:\Program Files\Elantech\ETDCtrl.exe"
5744 | C:\Program Files\Elantech\ETDCtrlHelper.exe (.ELAN Microelectronic Corp. - ETD Control Center Helper.) - (7.0.6.5) -> "C:\Program Files\Elantech\ETDCtrlHelper.exe"
7104 | C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (.Acresso Corporation - Acresso Software Manager.) - (11.60.100.23865) -> "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler
6752 | C:\Program Files (x86)\Steam\Steam.exe (.Valve Corporation - Steam Client Bootstrapper (buildbot_winslave04_steam_steam_rel_client_win32@winslave04).) - (1.89.86.91) -> "C:\Program Files (x86)\Steam\Steam.exe" -silent
1588 | C:\Program Files (x86)\Common Files\Steam\SteamService.exe (.Valve Corporation - Steam Client Service (buildbot_winslave04_steam_steam_rel_client_win32@winslave04).) - (1.89.86.91) -> "C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
6556 | C:\Program Files\Microsoft Security Client\MpCmdRun.exe (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.3.215.0) -> "C:\Program Files\Microsoft Security Client\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 4682CAE5-5BD3-5020-099A-462FC34505C8 -Reinvoke
8348 | C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe (.Hewlett-Packard Co. - HPNetworkCommunicator.) - (25.0.571.0) -> "C:\Program Files\HP\HP Deskjet 3050A J611 series\Bin\HPNetworkCommunicator.exe"

¤¤¤¤¤¤¤¤¤¤ | Running processes

Boot : Normal

[11/09/2013 07:17:40] - 468 | C:\Windows\System32\smss.exe (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7601.18229) -> \SystemRoot\System32\smss.exe [112640 Ko]
[14/07/2009 01:19:49] - 584 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [7680 Ko]
[14/07/2009 01:52:37] - 664 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Application de démarrage de Windows.) - (6.1.7600.16385) -> wininit.exe [129024 Ko]
[14/07/2009 01:19:49] - 684 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d’exécution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [7680 Ko]
[14/07/2009 01:19:46] - 732 | C:\Windows\system32\services.exe (.Microsoft Corporation - Applications Services et Contrôleur.) - (6.1.7600.16385) -> C:\Windows\system32\services.exe [328704 Ko]
[20/06/2011 22:02:56] - 764 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.17514) -> winlogon.exe /w,e [390656 Ko]
[31/01/2012 18:34:56] - 772 | C:\Windows\system32\lsass.exe (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.17725) -> C:\Windows\system32\lsass.exe [31232 Ko]
[20/06/2011 22:02:56] - 784 | C:\Windows\system32\lsm.exe (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) -> C:\Windows\system32\lsm.exe [343040 Ko]
[14/07/2009 01:31:13] - 908 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch [27136 Ko]
[14/07/2009 01:31:13] - 328 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS [27136 Ko]
[14/07/2009 01:31:13] - 864 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkService [27136 Ko]
[20/06/2013 20:33:08] - 1036 | C:\Program Files\Microsoft Security Client\MsMpEng.exe (.Microsoft Corporation - Antimalware Service Executable.) - (4.3.215.0) -> "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [23808 Ko]
[14/07/2009 01:31:13] - 1144 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 Ko]
[14/07/2009 01:31:13] - 1192 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [27136 Ko]
[14/07/2009 01:31:13] - 1236 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService [27136 Ko]
[14/07/2009 01:31:13] - 1272 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs [27136 Ko]
[24/07/2013 00:01:37] - 1696 | C:\Program Files\AVAST Software\Avast\AvastSvc.exe (.AVAST Software - avast! Service.) - (8.0.1489.300) -> "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [46808 Ko]
[14/07/2009 01:31:13] - 1892 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [27136 Ko]
[14/07/2009 01:37:38] - 2308 | C:\Windows\system32\Dwm.exe (.Microsoft Corporation - Gestionnaire de fenêtres du Bureau.) - (6.1.7600.16385) -> "C:\Windows\system32\Dwm.exe" [120320 Ko]
[14/07/2009 01:31:13] - 2588 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [27136 Ko]
[14/07/2009 01:31:13] - 3224 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k imgsvc [27136 Ko]
[14/07/2009 01:31:13] - 3596 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k bthsvcs [27136 Ko]
[17/08/2012 01:13:55] - 3672 | C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) - (1.70.0.0) -> "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [701512 Ko]
[24/07/2013 00:01:37] - 4472 | C:\Program Files\AVAST Software\Avast\AvastUI.exe (.AVAST Software - avast! Antivirus.) - (8.0.1489.300) -> "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui [4858968 Ko]
[14/07/2009 01:31:13] - 3152 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServicePeerNet [27136 Ko]
[14/07/2009 01:31:13] - 5888 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus hôte pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k SDRSVC [27136 Ko]
[15/09/2013 12:21:36] - 6888 | C:\Users\Otmane\Downloads\winlogon.exe (. - g3n-h@ckm@n.) - (3.0.9.14) -> "C:\Users\Otmane\Downloads\winlogon.exe /w,e" [2570093 Ko]
[20/06/2011 22:03:06] - 6876 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\Windows\system32\wbem\wmiprvse.exe [372736 Ko]
[12/09/2013 15:27:35] - 5392 | C:\Pre_Scan\Process\Pre_Scan_Protect.exe (. - g3n-h@ckm@n.) - (3.0.9.12) -> "C:\Pre_Scan\Process\Pre_Scan_Protect.exe /p" [312649 Ko]

¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !
¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine

Repaired : [HKLM | Winlogon]|[userinit] : userinit.exe, -> C:\Windows\SysWOW64\userinit.exe,
Repaired : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]|[userinit] : C:\Windows\SysWOW64\userinit.exe, -> C:\Windows\System32\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ | Associations

Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe -> C:\Windows\Explorer.exe
¤
Repaired : [HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
Repaired : [HKLM\Software\Clients\StartMenuInternet\Google Chrome\shell\open\command] : "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -> "C:\Users\Otmane\AppData\Local\Google\Chrome\Application\Chrome.exe"

¤¤¤¤¤¤¤¤¤¤ | Registry

Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoActiveDesktop] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoActiveDesktopChanges] : 1 -> 0
Repaired : [HKU\S-1-5-21-1965174108-2279339805-2271439124-1000\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0
Repaired : [HKU\S-1-5-21-1965174108-2279339805-2271439124-1000\software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel]|[AllItemsIconView] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Taskmgr and Registry Access

¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair

Safeboot Keys are O.K
Alternate shell is OK !
¤
Safeboot Minimal Subkeys : O.K !
¤
Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ | IFEO

¤¤¤¤¤¤¤¤¤¤ | Mountpoints2

¤¤¤¤¤¤¤¤¤¤ | Windows

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
Winsrv : OK !
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1

¤¤¤¤¤¤¤¤¤¤ | Security Center

¤¤¤¤¤¤¤¤¤¤ | Services Corrections

Service : IPHLPSVC : Restored
Service : WINDEFEND : Restored
Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\Browser] : 2 -> 3
Repaired : [HKLM | Services\Bits] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\SharedAccess] : 3 -> 2
Repaired : [HKLM | Services\windefend] : 3 -> 2
Repaired : [HKLM | Services\wudfsvc] : 3 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Repaired : [HKU\S-1-5-21-1965174108-2279339805-2271439124-1000\Software\Microsoft\Internet Explorer\Main]|[Search Bar] : Preserve -> http://www.google.com/
Repaired : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/
Repaired : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/
Repaired : [HKU\S-1-5-21-1965174108-2279339805-2271439124-1000\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/
Repaired : [HKU\S-1-5-21-1965174108-2279339805-2271439124-1000_Classes\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://allssearch.com/ -> http://www.google.com/
Repaired : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.google.com -> http://www.google.com/
Repaired : [HKU\S-1-5-21-1965174108-2279339805-2271439124-1000\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Repaired : [HKU\S-1-5-21-1965174108-2279339805-2271439124-1000\Software\Microsoft\Internet Explorer\Main]|[Search Page] : http://go.microsoft.com/fwlink/?LinkId=54896 -> http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
¤
Repaired : [HKU\S-1-5-21-1965174108-2279339805-2271439124-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\Windows\System32\Drivers\etc\hosts : Cleaned

¤¤¤¤¤¤¤¤¤¤ | reparsepoint

¤¤¤¤¤¤¤¤¤¤ | Offsets detection

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry

Removed : C:\$Recycle.bin\S-1-5-20
Removed : C:\$Recycle.bin\S-1-5-21-1965174108-2279339805-2271439124-501
Removed : C:\$Recycle.bin\S-1-5-21-1965174108-2279339805-2271439124-1000
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\ev_clear.bat
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\delfolders.bat
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\FWPolicy.bat
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\delorphans.bat
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\searchlnk.bat
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\medfos.bat
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\chrome.bat
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\TDL4.bat
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\iexplore.bat
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\firefox.bat
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\modules.bat
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\prelim.bat
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\ask.bat
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\runvalues.bat
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\misc.bat
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\get.bat
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\JRT.bat
Moved to quarantine successfully : C:\Users\All Users\FullRemove.exe
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\Quarantine.exe
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\merger.reg
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\datamngr_del.reg
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\appinit_null.reg
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\appinit64_null.reg
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\Temp\jrt\clean_shortcut.vbs
Moved to quarantine successfully : C:\Users\Invité\AppData\Local\IconCache.db
Moved to quarantine successfully : C:\Users\Otmane\AppData\Local\IconCache.db
Moved to quarantine successfully : C:\Users\Otmane\Downloads\utorrent_2.2.1-25130.exe
Moved to quarantine successfully : C:\Users\Otmane\Downloads\AdwCleaner-2.306.exe
Moved to quarantine successfully : C:\Users\Otmane\Downloads\AdwCleaner-2.306 (1).exe
Moved to quarantine successfully : C:\Users\Otmane\Downloads\codeblocks-12.11mingw-setup.exe
Moved to quarantine successfully : C:\Users\Otmane\Downloads\ChromeSetup.exe
Moved to quarantine successfully : C:\Users\Otmane\Downloads\ChromeSetup (1).exe
Moved to quarantine successfully : C:\Users\Otmane\Downloads\ffxivsetup.exe
Moved to quarantine successfully : C:\Users\Otmane\Downloads\Firefox Setup Stub 23.0.1.exe
Moved to quarantine successfully : C:\Users\Otmane\Downloads\anki-2.0.8.exe
Moved to quarantine successfully : C:\Users\Otmane\Downloads\anki-2.0.12.exe
Moved to quarantine successfully : C:\Users\Otmane\Downloads\codeblocks-12.11mingw-setup_user (1).exe
Moved to quarantine successfully : C:\Users\Otmane\Downloads\DivXInstaller.exe
Moved to quarantine successfully : C:\Users\Otmane\Downloads\ZHPDiag2.exe
Moved to quarantine successfully : C:\Users\Otmane\Downloads\JRT.exe
Moved to quarantine successfully : C:\Users\Otmane\Downloads\mbam-setup-1.75.0.1300.exe
Moved to quarantine successfully : C:\Users\Otmane\Downloads\anki-2.0.8 (1).exe
Moved to quarantine successfully : C:\Users\Otmane\Downloads\1055.BFE.reg
Moved to quarantine successfully : C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1965174108-2279339805-2271439124-1000Core.job
Moved to quarantine successfully : C:\Windows\System32\Tasks\\FacebookUpdateTaskUserS-1-5-21-1965174108-2279339805-2271439124-1000Core
Moved to quarantine successfully : C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1965174108-2279339805-2271439124-1000UA.job
Moved to quarantine successfully : C:\Windows\System32\Tasks\\FacebookUpdateTaskUserS-1-5-21-1965174108-2279339805-2271439124-1000UA
Moved to quarantine successfully : C:\Windows\Tasks\HP Photo Creations Messager.job
Moved to quarantine successfully : C:\Windows\System32\Tasks\\HP Photo Creations Messager
Deleted : [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]|[Malwarebytes' Anti-Malware] : "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Moved to quarantine successfully : C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
Deleted : [HKU\S-1-5-21-1965174108-2279339805-2271439124-1000\Software\Microsoft\Windows\CurrentVersion\Run]|[uTorrent] : "C:\Program Files (x86)\uTorrent\uTorrent.exe"
Moved to quarantine successfully : C:\Program Files (x86)\uTorrent\uTorrent.exe
Moved to quarantine successfully : C:\RECOVERY.DAT
Moved to quarantine successfully : C:\ProgramData\C:\ProgramData\{E3739848-5329-48E3-8D28-5BBD6E8BE384}.log
Moved to quarantine successfully : C:\ProgramData\C:\ProgramData\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}.log
Moved to quarantine successfully : C:\ProgramData\C:\ProgramData\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}.log
Moved to quarantine successfully : C:\ProgramData\C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
Moved to quarantine successfully : C:\ProgramData\C:\ProgramData\{d36dd326-7280-11d8-97c8-000129760cbe}.log
Moved to quarantine successfully : C:\ProgramData\C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Moved to quarantine successfully : C:\ProgramData\C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
Moved to quarantine successfully : C:\Windows\assembly\tmp\
Moved to quarantine successfully : C:\Users\Otmane\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
Moved to quarantine successfully : C:\Users\Otmane\AppData\LocalLow\Sun\Java\Deployment\cache\security
Prefetch -> Emptied
Suspect : C:\Users\Otmane\AppData\Roaming\.minecraft\lastlogin
Suspect : C:\Users\Otmane\AppData\Roaming\Braid\slot_0.braid_campaign
Suspect : C:\Users\Otmane\AppData\Roaming\Spotify\user-cache.bnk
Suspect : C:\Users\Otmane\AppData\Roaming\Spotify\watchdog.bnk
Suspect : C:\Users\Otmane\AppData\Roaming\Spotify\prefs
Suspect : C:\Users\Otmane\AppData\Roaming\uTorrent\apps.btapp
Suspect : C:\ProgramData\Origin\bfafdb94e51d7a50e9b5f4fd26cc9dda.olc
Suspect : C:\ProgramData\HP Photo Creations\PhotoProductCore.sp
Suspect : C:\Users\Otmane\AppData\Local\DDMSettings\settings.ddi
Suspect : C:\Users\Otmane\AppData\Local\Spotify\offline.bnk
Suspect : C:\Users\Otmane\AppData\Local\Temp\LOL_PublicD68102I3.dmp
Suspect : C:\Users\Otmane\AppData\Local\Temp\preferences
Suspect : C:\Windows\snp2uvc.src
Suspect : C:\Windows\Àú¾
Suspect : C:\Windows\0
D:\ : Vaccinated (Vaccin created by Pre_Scan)
E:\ : Impossible to vaccinate

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive D:] : Hidden : 1839 | Restored : 1838
~ [Program Files] : Hidden : 5 | Restored : 5
~ [Users] : Hidden : 2 | Restored : 2
~ [Music] : Hidden : 47 | Restored : 47
~ [Documents] : Hidden : 3 | Restored : 3
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 130 | Restored : 128
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 17 | Restored : 17

¤¤¤¤¤¤¤¤¤¤ | Listing Partition(s)

¤¤¤¤¤¤¤¤¤¤

[HKLM64 | Winlogon]|[AutoRestartShell] : 1

End : 16:00:02

Pre_Scan_Protect.exe Stopped successfully !
Standby Restored !
¤¤¤¤¤¤¤¤¤¤ | Attempt to restart stopped

12:23:33 : 9812 | C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:23:33 : 8436 | C:\Windows\explorer.exe
12:23:33 : 9340 | C:\Windows\system32\SearchIndexer.exe
12:23:34 : 1124 | C:\Program Files\Windows Media Player\wmpnetwk.exe
12:23:34 : 1088 | C:\Windows\system32\SearchProtocolHost.exe
12:23:34 : 4132 | C:\Windows\system32\SearchFilterHost.exe
12:23:34 : 2116 | C:\Windows\explorer.exe
12:23:43 : 2576 | C:\Windows\system32\SearchIndexer.exe
12:23:43 : 2276 | C:\Program Files\Windows Media Player\wmpnetwk.exe
12:24:04 : 8432 | C:\Program Files\Windows Media Player\wmpnetwk.exe
12:24:04 : 8688 | C:\Windows\system32\SearchIndexer.exe
12:24:13 : 6124 | C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:24:13 : 4660 | C:\Windows\System32\spoolsv.exe
12:38:49 : 1028 | C:\Windows\system32\taskeng.exe
12:42:00 : 7392 | C:\Windows\system32\taskeng.exe
12:43:00 : 2344 | C:\Windows\system32\taskeng.exe
12:47:00 : 9472 | C:\Windows\system32\taskeng.exe
12:53:00 : 7580 | C:\Windows\system32\taskeng.exe
12:58:00 : 9636 | C:\Windows\system32\taskeng.exe
12:58:29 : 4736 | C:\Windows\system32\SearchIndexer.exe
12:58:29 : 6600 | C:\Program Files\Microsoft Security Client\MpCmdRun.exe
12:59:00 : 3284 | C:\Program Files\Microsoft Security Client\MpCmdRun.exe
12:59:00 : 4996 | C:\Windows\system32\taskeng.exe
12:59:30 : 7620 | C:\Program Files\Microsoft Security Client\MpCmdRun.exe
12:59:59 : 9496 | C:\Program Files\Microsoft Security Client\MpCmdRun.exe
13:01:00 : 3556 | C:\Windows\system32\taskeng.exe
13:01:33 : 3424 | C:\Windows\system32\taskhost.exe
13:09:17 : 1380 | C:\Windows\system32\SearchIndexer.exe
13:18:32 : 9344 | C:\Windows\system32\SearchIndexer.exe
13:18:32 : 4064 | C:\Windows\system32\SearchIndexer.exe
13:18:33 : 7776 | C:\Windows\system32\SearchIndexer.exe
13:42:00 : 1116 | C:\Windows\system32\taskeng.exe
13:47:00 : 6780 | C:\Windows\system32\taskeng.exe
13:53:01 : 3112 | C:\Windows\system32\taskeng.exe
13:58:00 : 4836 | C:\Windows\system32\taskeng.exe
13:59:00 : 8496 | C:\Windows\system32\taskeng.exe
14:01:00 : 8096 | C:\Windows\system32\taskeng.exe
14:07:00 : 2304 | C:\Windows\system32\taskeng.exe
14:09:43 : 4640 | C:\Windows\system32\taskhost.exe
14:42:00 : 6108 | C:\Windows\system32\taskeng.exe
14:47:00 : 7248 | C:\Windows\system32\taskeng.exe
14:53:00 : 4980 | C:\Windows\system32\taskeng.exe
14:58:00 : 3032 | C:\Windows\system32\taskeng.exe
14:59:00 : 6176 | C:\Windows\system32\taskeng.exe
15:00:00 : 4228 | C:\Windows\system32\taskeng.exe
15:01:00 : 628 | C:\Windows\system32\taskeng.exe
15:02:00 : 8756 | C:\Windows\system32\taskeng.exe
15:10:20 : 5496 | C:\Windows\system32\taskhost.exe
15:42:00 : 8628 | C:\Windows\system32\taskeng.exe
15:47:00 : 2104 | C:\Windows\system32\taskeng.exe
15:50:47 : 8052 | C:\Windows\system32\SearchIndexer.exe
15:50:48 : 7296 | C:\Windows\system32\SearchIndexer.exe
15:50:48 : 9812 | C:\Windows\system32\SearchIndexer.exe
15:53:00 : 740 | C:\Windows\system32\taskeng.exe
15:58:00 : 7072 | C:\Windows\system32\taskeng.exe
15:59:00 : 5596 | C:\Windows\system32\taskeng.exe
16:00:02 : 3908 | C:\Pre_Scan\MBR\Winlogon.pif

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤