cjoint

Document format: text/plain

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 05.04.21.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 11:58:47

Updated 21/04/2015 | 13.30 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html
[admin (Administrator)] - [GNS-63CD794484B]
SID = S-1-5-21-1614895754-1682526488-1177238915-1004
Boot: Normal boot
System : Microsoft Windows XP (32 bits) Service Pack 3
ProcessorNameString : Intel(R) Pentium(R) D CPU 3.00GHz
Identifier : x86 Family 15 Model 6 Stepping 5
Memory RAM = Total (MB) : 1040 | Free (MB) : 702
Pagefile = Total (MB) : 2501 | Free (MB) : 2304
Virtual = Total (MB) : 2097 | Free (MB) : 2020

¤¤¤¤¤¤¤¤¤¤ # Components of starting up


¤¤¤¤¤¤¤¤¤¤ # Drives

C:\-> [Fixed] | [] | Total : 150000 Mo | Free : 136170 Mo -> NTFS
D:\-> [Fixed] | [] | Total : 90000 Mo | Free : 35260 Mo -> NTFS
E:\-> [Fixed] | [] | Total : 65240 Mo | Free : 2310 Mo -> NTFS
F:\-> [Removable] | [] | Total : 980 Mo | Free : 490 Mo -> FAT

¤¤¤¤¤¤¤¤¤¤ # Windows updates

Last detection : 2015-04-09 15:47:40

¤¤¤¤¤¤¤¤¤¤ # Sessions

C:\WINDOWS\system32\config\systemprofile
C:\Documents and Settings\LocalService
C:\Documents and Settings\NetworkService
C:\Documents and Settings\admin
Registry saved. To restore it: use the desktop shortcut 'Pre_Scan_Restore' and choose 'Restore the registry' (C:\Pre_Scan\Save\Registry [26.04.2015 @ 11_57_48])
To restore a file or folder: use the desktop shortcut 'Pre_Scan_Restore', select 'restore File - Folder', select an item and click Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers

IE : 6.0.2900.5512 (© Microsoft Corporation.)
FF : 11.0.0.4454 (©Firefox and Mozilla Developers, according to the MPL 1.1/GPL 2.0/LGPL 2.1 licenses, as applicable.)
GC : 42.0.2311.90 (Copyright 2012 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

ActiveX : 11.5.502.146
¤¤¤¤¤¤¤¤¤¤ # Security
AV :
AS :
FW :
WMI : OK
SC: Security Center Service [Auto(2)] = Running
WU: Windows Update Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes

1452 | [Owner : SYSTEM |Parent : 792] - (.Microsoft Corporation - Spooler SubSystem App.) - (5.1.2600.5512) = C:\WINDOWS\system32\spoolsv.exe
1520 | [Owner : SERVICE LOCAL |Parent : 792] - (.Microsoft Corporation - Smart card resource management server.) - (5.1.2600.5512) = C:\WINDOWS\system32\scardsvr.exe
1708 | [Owner : SYSTEM |Parent : 792] - (. - PassThruSvr Application.) - (1.2.1.8) = C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
1912 | [Owner : SYSTEM |Parent : 792] - (. - User-Level Modem Service.) - (1.0.0.1) = C:\WINDOWS\system32\slserv.exe
1956 | [Owner : SYSTEM |Parent : 792] - (. - .) - (1.0.5594.1168) = C:\Program Files\Fichiers communs\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\Updater.exe
1204 | [Owner : SERVICE LOCAL |Parent : 792] - (.Microsoft Corporation - Application Layer Gateway Service.) - (5.1.2600.5512) = C:\WINDOWS\system32\alg.exe
1744 | [Owner : admin |Parent : 1140] - (.Microsoft Corporation - Windows Security Center Notification App.) - (5.1.2600.5512) = C:\WINDOWS\system32\wscntfy.exe
428 | [Owner : admin |Parent : 268] - (.Microsoft Corporation - Windows Explorer.) - (6.0.2900.5512) = C:\WINDOWS\explorer.exe
420 | [Owner : admin |Parent : 524] - (.Microsoft Corporation - Generic Host Process for Win32 Services.) - (5.1.2600.5512) = C:\WINDOWS\system32\svchost.exe
1004 | [Owner : admin |Parent : 524] - (.Microsoft Corporation - Generic Host Process for Win32 Services.) - (5.1.2600.5512) = C:\WINDOWS\system32\svchost.exe
2232 | [Owner : admin |Parent : 428] - (.Intel Corporation - igfxTray Module.) - (6.14.10.4926) = C:\WINDOWS\system32\igfxtray.exe
2284 | [Owner : admin |Parent : 428] - (.Intel Corporation - hkcmd Module.) - (6.14.10.4926) = C:\WINDOWS\system32\hkcmd.exe
2300 | [Owner : admin |Parent : 428] - (.Intel Corporation - persistence Module.) - (6.14.10.4926) = C:\WINDOWS\system32\igfxpers.exe
2356 | [Owner : admin |Parent : 976] - (.Intel Corporation - igfxsrvc Module.) - (6.14.10.4926) = C:\WINDOWS\system32\igfxsrvc.exe
2376 | [Owner : admin |Parent : 2156] - (.Microsoft Corporation - Generic Host Process for Win32 Services.) - (5.1.2600.5512) = C:\WINDOWS\system32\svchost.exe
2396 | [Owner : admin |Parent : 428] - (. - HTC UPCT Loader.) - (1.0.3.55) = C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
2428 | [Owner : admin |Parent : 428] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) - (2.4.0.5) = C:\WINDOWS\RTHDCPL.EXE
2464 | [Owner : admin |Parent : 428] - (.Microsoft Corporation - CTF Loader.) - (5.1.2600.5512) = C:\WINDOWS\system32\ctfmon.exe
2532 | [Owner : admin |Parent : 428] - (.Tonec Inc. - Internet Download Manager (IDM).) - (6.23.10.2) = C:\Program Files\Internet Download Manager\IDMan.exe
2552 | [Owner : admin |Parent : 428] - (. - DRP Su Updater.) - (0.0.25.0) = C:\Documents and Settings\admin\Application Data\DRPSu\DrvUpdater.exe
2724 | [Owner : admin |Parent : 428] - (.Nero AG - Nero Home.) - (1.5.3.0) = C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
2884 | [Owner : admin |Parent : 976] - (.Nero AG - Nero Home.) - (1.5.3.0) = C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
3024 | [Owner : admin |Parent : 2532] - (.Tonec Inc. - Internet Download Manager agent for click monitoring in IE-based browsers.) - (6.22.1.1) = C:\Program Files\Internet Download Manager\IEMonitor.exe
3128 | [Owner : admin |Parent : 428] - (.Google Inc. - Google Chrome.) - (42.0.2311.90) = C:\Program Files\Google\Chrome\Application\chrome.exe
3568 | [Owner : admin |Parent : 3128] - (.Google Inc. - Google Chrome.) - (42.0.2311.90) = C:\Program Files\Google\Chrome\Application\chrome.exe
1108 | [Owner : admin |Parent : 3128] - (.Google Inc. - Google Chrome.) - (42.0.2311.90) = C:\Program Files\Google\Chrome\Application\chrome.exe
3856 | [Owner : admin |Parent : 3128] - (.Google Inc. - Google Chrome.) - (42.0.2311.90) = C:\Program Files\Google\Chrome\Application\chrome.exe
2896 | [Owner : SYSTEM |Parent : 792] - (. - .) - (1.0.5594.8359) = C:\Documents and Settings\All Users\Application Data\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\plugincontainer.exe
2984 | [Owner : SYSTEM |Parent : 2896] - (. - .) - (1.0.5594.6571) = C:\Documents and Settings\All Users\Application Data\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\plugins\3\Plugin.exe
3152 | [Owner : admin |Parent : 2984] - (. - .) - (1.0.5594.6571) = C:\Documents and Settings\All Users\Application Data\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\plugins\3\Plugin.exe
456 | [Owner : admin |Parent : 1140] - (.Microsoft Corporation - Windows Security Center Notification App.) - (5.1.2600.5512) = C:\WINDOWS\system32\wscntfy.exe
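Two things in the list above stand out without any signature: PID 1956 and the 2896 -> 2984 -> 3152 chain run from GUID-named folders with an empty company field, and the latter tree runs as SYSTEM from All Users\Application Data. The Python below is an added example, not part of Pre_Scan; it parses a handful of the process lines above (copied verbatim as constructed sample input) and applies exactly those triage heuristics. The rules are the author's own choices for a first pass, not verdicts: an unsigned updater in a profile directory can be legitimate, but it should never go unexamined.

```python
import re

# One Pre_Scan process line:
#   PID | [Owner : NAME |Parent : PPID] - (.Company - Description.) - (Version) = Path
LINE_RE = re.compile(
    r"^(?P<pid>\d+) \| \[Owner : (?P<owner>.*?) \|Parent : (?P<ppid>\d+)\] - "
    r"\(\.(?P<company>.*?) - (?P<desc>.*?)\.\) - \((?P<version>.*?)\) = (?P<path>.*)$"
)
GUID_DIR_RE = re.compile(r"\\[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\\", re.I)

# Constructed sample input: seven lines copied from the process list in the log.
SAMPLE_LINES = r"""
1452 | [Owner : SYSTEM |Parent : 792] - (.Microsoft Corporation - Spooler SubSystem App.) - (5.1.2600.5512) = C:\WINDOWS\system32\spoolsv.exe
1956 | [Owner : SYSTEM |Parent : 792] - (. - .) - (1.0.5594.1168) = C:\Program Files\Fichiers communs\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\Updater.exe
2532 | [Owner : admin |Parent : 428] - (.Tonec Inc. - Internet Download Manager (IDM).) - (6.23.10.2) = C:\Program Files\Internet Download Manager\IDMan.exe
2552 | [Owner : admin |Parent : 428] - (. - DRP Su Updater.) - (0.0.25.0) = C:\Documents and Settings\admin\Application Data\DRPSu\DrvUpdater.exe
2896 | [Owner : SYSTEM |Parent : 792] - (. - .) - (1.0.5594.8359) = C:\Documents and Settings\All Users\Application Data\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\plugincontainer.exe
2984 | [Owner : SYSTEM |Parent : 2896] - (. - .) - (1.0.5594.6571) = C:\Documents and Settings\All Users\Application Data\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\plugins\3\Plugin.exe
3152 | [Owner : admin |Parent : 2984] - (. - .) - (1.0.5594.6571) = C:\Documents and Settings\All Users\Application Data\5b4b2b13-bc3c-4690-a9ac-2f28c7e74c15\plugins\3\Plugin.exe
"""


def parse_processes(text):
    """Parse Pre_Scan process lines into {pid: fields}; lines that do not match are skipped."""
    procs = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            p = m.groupdict()
            p["pid"], p["ppid"] = int(p["pid"]), int(p["ppid"])
            procs[p["pid"]] = p
    return procs


def triage(proc):
    """Reasons a process deserves a closer look (heuristics chosen for this example)."""
    reasons = []
    path = proc["path"].lower()
    if not proc["company"]:
        reasons.append("no company name in the version resource")
    if GUID_DIR_RE.search(proc["path"]):
        reasons.append("image sits in a GUID-named directory")
    in_profile = path.startswith("c:\\documents and settings\\")
    if in_profile:
        reasons.append("image lives under a user-writable profile path")
    if in_profile and proc["owner"].upper() == "SYSTEM":
        reasons.append("runs as SYSTEM from a profile path (service-style persistence)")
    return reasons


def flagged_pids(procs):
    """PIDs with at least one triage reason, ascending."""
    return sorted(pid for pid, p in procs.items() if triage(p))


def chain(procs, pid):
    """Follow parent PIDs within the sample: [pid, parent, grandparent, ...]."""
    out, seen = [], set()
    while pid in procs and pid not in seen:
        seen.add(pid)
        out.append(pid)
        pid = procs[pid]["ppid"]
    return out


SAMPLE_PROCS = parse_processes(SAMPLE_LINES)

if __name__ == "__main__":
    for pid in flagged_pids(SAMPLE_PROCS):
        p = SAMPLE_PROCS[pid]
        print(f"{pid:>5}  {p['owner']:<7} {p['path']}")
        for reason in triage(p):
            print(f"         - {reason}")
        print("         chain:", " <- ".join(map(str, chain(SAMPLE_PROCS, pid))))
```

Running it prints the five flagged processes with their reasons and parent chains; spoolsv.exe and IDMan.exe pass silently. The parent chain is the useful part for the 5b4b2b13-... tree: killing 3152 alone achieves nothing while 2896 is still alive to respawn it.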

¤¤¤¤¤¤¤¤¤¤ # Winlogon user


¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

Repaired : [HKLM | Winlogon]|[userinit] : c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe -> C:\WINDOWS\System32\userinit.exe,
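The repaired line shows the classic Userinit hijack: the legitimate userinit.exe is kept as the first entry, an empty slot follows, and the extra binary hides behind the second comma, so a glance at the start of the value sees nothing wrong. The Python below is an added example, not Pre_Scan's code; it splits the Winlogon values the way winlogon.exe does (on every comma), compares each non-empty entry against the binaries a clean XP/Vista/7 install points at, and reproduces the value Pre_Scan wrote back. The HKLM key path is the real one; the lower-case value names in the input dict and the default system root are this example's conventions. read_winlogon() only works on Windows (standard-library winreg) and returns an empty dict elsewhere.

```python
import re

WINLOGON_KEY = r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
# What the two values point at on a clean XP/Vista/7 install; anything else is extra.
CANONICAL = {
    "userinit": r"%SystemRoot%\system32\userinit.exe",
    "shell": "explorer.exe",
}


def normalize(entry, system_root):
    """Lower-case, unquote and expand %SystemRoot% so comparisons ignore case and quoting."""
    entry = entry.strip().strip('"')
    entry = re.sub(r"%systemroot%", lambda _m: system_root, entry, flags=re.IGNORECASE)
    return entry.lower()


def audit_winlogon(values, system_root=r"C:\WINDOWS"):
    """Return (value_name, position, entry) for every entry that is not the expected binary.
    `values` maps lower-case value names ('userinit', 'shell') to their raw registry data."""
    findings = []
    for name, canonical in CANONICAL.items():
        raw = values.get(name)
        if raw is None:
            continue
        allowed = {normalize(canonical, system_root)}
        if name == "shell":
            allowed.add(normalize(r"%SystemRoot%\explorer.exe", system_root))
        # Comma separated; "a,,b" parks b behind an empty slot, so split on every comma
        # and skip only the empty slots (the default Userinit value ends with one).
        for position, entry in enumerate(raw.split(",")):
            entry = entry.strip()
            if entry and normalize(entry, system_root) not in allowed:
                findings.append((name, position, entry))
    return findings


def repaired_userinit(system_root=r"C:\WINDOWS"):
    """The value Pre_Scan wrote back, as shown in the 'Repaired' line above."""
    return system_root + r"\System32\userinit.exe,"


def read_winlogon():
    """On Windows, read the live values (standard-library winreg); {} on other platforms."""
    try:
        import winreg
    except ImportError:
        return {}
    subkey = WINLOGON_KEY.split("\\", 1)[1]
    out = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, subkey) as key:
        for name in ("Userinit", "Shell"):
            try:
                out[name.lower()] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass
    return out


if __name__ == "__main__":
    # Constructed from the log: the hijacked value before repair.
    infected = {"userinit": r"c:\windows\system32\userinit.exe,,c:\program files\microsoft\watermark.exe"}
    for name, pos, entry in audit_winlogon(infected):
        print(f"{name}: entry #{pos} is not expected -> {entry}")
    print("repaired value:", repaired_userinit())
```

On the value from the log, only entry #2 (watermark.exe) is reported; the trailing comma of the default value produces no finding, so a clean machine audits to an empty list.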

¤¤¤¤¤¤¤¤¤¤ # SafeBoot

Safeboot Keys are O.K
Alternate shell is OK !
Repaired : [HKLM | Minimal\vds] : -> Service
Repaired : [HKLM | Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}] : -> Volume shadow copy
Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ # IFEO


¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

Content of F:\AutoRun.inf :
[AutoRun]
Open=SysAnti.exe
Shell\Open=打开(&O)
Shell\Open\Command=SysAnti.exe
Shell\Open\Default=1
Shell\Explore=资源管理器(&X)
Shell\Explore\Command=SysAnti.exe
Content of E:\AutoRun.inf :
[AutoRun]
Open=SysAnti.exe
Shell\Open=打开(&O)
Shell\Open\Command=SysAnti.exe
Shell\Open\Default=1
Shell\Explore=资源管理器(&X)
Shell\Explore\Command=SysAnti.exe
Content of D:\AutoRun.inf :
[AutoRun]
Open=SysAnti.exe
Shell\Open=打开(&O)
Shell\Open\Command=SysAnti.exe
Shell\Open\Default=1
Shell\Explore=资源管理器(&X)
Shell\Explore\Command=SysAnti.exe
Content of C:\AutoRun.inf :
[AutoRun]
Open=SysAnti.exe
Shell\Open=打开(&O)
Shell\Open\Command=SysAnti.exe
Shell\Open\Default=1
Shell\Explore=资源管理器(&X)
Shell\Explore\Command=SysAnti.exe
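The same AutoRun.inf sits on all four drives, and it does more than set Open=: it rewrites the context-menu verbs so that "Open" and "Explore" on the drive both run SysAnti.exe, with the menu labels supplied as GBK text (打开(&O) "Open", 资源管理器(&X) "Explorer") so the menu looks normal. The Python below is an added example, not Pre_Scan's code. It parses that file (the worm content and a harmless driver-CD file are constructed samples), separates the keys that execute something from the ones that only relabel, and then shows the mechanism behind the "Vaccinated" lines later in the log: a non-empty directory named AutoRun.inf occupies the name so the worm's own file cannot be created. The directory name used inside the vaccine folder is this example's choice. Note that on XP and Vista the update KB971029 already disables AutoRun for USB media; the vaccine still stops the drive-root file from being dropped and is harmless on drives that never used autorun.

```python
import os
import tempfile
from pathlib import Path

# Constructed sample: the AutoRun.inf Pre_Scan dumped from C:, D:, E: and F: above.
WORM_AUTORUN = r"""[AutoRun]
Open=SysAnti.exe
Shell\Open=打开(&O)
Shell\Open\Command=SysAnti.exe
Shell\Open\Default=1
Shell\Explore=资源管理器(&X)
Shell\Explore\Command=SysAnti.exe
"""
# Constructed sample of a harmless driver CD: icon and label only, nothing is executed.
BENIGN_AUTORUN = """[autorun]
icon=setup.exe,0
label=Driver CD
"""


def parse_autorun(text):
    """Minimal INI reader for AutoRun.inf: the [autorun] keys, lower-cased, with values."""
    entries, section = {}, None
    for raw in text.splitlines():
        line = raw.lstrip("\ufeff").strip()
        if not line or line[0] in ";#":
            continue
        if line[0] == "[" and line[-1] == "]":
            section = line[1:-1].strip().lower()
        elif "=" in line and section == "autorun":
            key, _, value = line.partition("=")
            entries[key.strip().lower()] = value.strip()
    return entries


def launch_commands(entries):
    """Keys that make the shell execute something: open, shellexecute, shell\\<verb>\\command.
    Returns {key: first token of the command line, unquoted}."""
    cmds = {}
    for key, value in entries.items():
        parts = key.split("\\")
        is_cmd = key in ("open", "shellexecute") or (
            len(parts) == 3 and parts[0] == "shell" and parts[2] == "command")
        if is_cmd and value:
            cmds[key] = value.split()[0].strip('"')
    return cmds


def assess(text):
    """Summarise one AutoRun.inf: what runs, which verbs were relabeled, and a verdict."""
    entries = parse_autorun(text)
    cmds = launch_commands(entries)
    # shell\open=... and shell\explore=... only set the menu text; a worm relabels them so
    # the hijacked verbs look like the normal Open / Explorer entries.
    relabeled = sorted(k.split("\\")[1] for k in entries if k.startswith("shell\\") and k.count("\\") == 1)
    hijacks_explore = "shell\\explore\\command" in cmds
    return {
        "commands": cmds,
        "targets": sorted(set(cmds.values())),
        "relabeled_verbs": relabeled,
        "suspicious": bool(cmds) and (hijacks_explore or bool(relabeled)),
    }


def vaccinate(drive_root):
    """Pre_Scan-style vaccine: occupy the AutoRun.inf name with a non-empty directory so a
    worm's attempt to create the file at the drive root fails. Idempotent."""
    marker = Path(drive_root) / "AutoRun.inf"
    (marker / "Pre_Scan_vaccine").mkdir(parents=True, exist_ok=True)  # sub-entry is this example's choice
    return marker


def autorun_blocked(drive_root):
    """True if writing AutoRun.inf at drive_root fails (the vaccine is in place)."""
    try:
        with open(Path(drive_root) / "AutoRun.inf", "w") as fh:
            fh.write("[AutoRun]\nOpen=SysAnti.exe\n")
    except OSError:
        return True
    return False


def demo_vaccine():
    """(blocked before vaccination, blocked after) on a temporary 'drive root'."""
    with tempfile.TemporaryDirectory() as tmp:
        before = autorun_blocked(tmp)
        os.remove(Path(tmp) / "AutoRun.inf")
        vaccinate(tmp)
        after = autorun_blocked(tmp)
    return before, after


if __name__ == "__main__":
    for label, text in (("worm", WORM_AUTORUN), ("driver CD", BENIGN_AUTORUN)):
        print(label, assess(text))
    print("vaccine blocks AutoRun.inf (before, after):", demo_vaccine())
```

For the worm file the verdict rests on shell\explore\command: a legitimate install disc may set Open=setup.exe, but nothing legitimate needs the "Explore" verb to run a binary from the drive root. The F: drive in the log is FAT and could not be vaccinated; FAT has no directory attribute tricks to protect the folder, so the marker there would be trivially removable even if created.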

¤¤¤¤¤¤¤¤¤¤ # Windows

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]|[Autostart] : C:\WINDOWS\System32\ActionCenter.dll
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]|[EnableFirewall] : 1 -> 0

¤¤¤¤¤¤¤¤¤¤ # Services

Repaired : [Compbatt] : -> 0
Repaired : [Power] : -> 2
Repaired : [Profsvc] : -> 2
Repaired : [PEAUTH] : -> 2
Repaired : [NVSvc] : -> 2
Repaired : [nsi] : -> 2
Repaired : [NLASvc] : -> 2
Repaired : [NIHardwareService] : -> 2
Repaired : [MPSsvc] : -> 2
Repaired : [MMCSS] : -> 2
Repaired : [luafv] : -> 2
Repaired : [lltdio] : -> 2
Repaired : [Iphlpsvc] : -> 2
Repaired : [IKEEXT] : -> 2
Repaired : [IAStorDataMgrsvc] : -> 2
Repaired : [gpsvc] : -> 2
Repaired : [agp440] : -> 2
Repaired : [AudioEndpointBuilder] : -> 2
Repaired : [BFE] : -> 2
Repaired : [Browser] : 2 -> 3
Repaired : [Bits] : 3 -> 2
Repaired : [EapHost] : 3 -> 2
Repaired : [SppSvc] : -> 2
Repaired : [windefend] : -> 2
Repaired : [wudfsvc] : -> 2
Repaired : [WerSvc] : -> 2
Repaired : [Cmbatt] : -> 3
Repaired : [Wwansvc] : -> 3

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer


¤¤¤¤¤¤¤¤¤¤ # reparsepoint


¤¤¤¤¤¤¤¤¤¤ # Offsets

Possible Ramnit : C:\NCK Dongle\NCK Dongle Main Module\Blackberry\javaloader.exe : 2E64617461000000F83B0000008004000016000000600400000000000000000000000000400000C02E7465787400000000F0010000C0040000EA010000760400
Possible Ramnit : C:\Program Files\Android Tool\ADB\sleep.exe : 5475000000D001000040000000B00100000000000000000000000000400000C02E7465787400000000F001000050020000EA010000F001000000000000000000
Possible Ramnit : C:\Program Files\LG Electronics\LG SP USB Driver\ExeRemover.exe : 000000000000000000000000400000402E646174610000001852000000A000000040000000A00000000000000000000000000000400000C02E74657874000000
Possible Ramnit : C:\Program Files\LG Electronics\LG USB Modem Driver\InstallUSB9x.exe : 000000000000000000000000400000402E646174610000008C200000007000000010000000700000000000000000000000000000400000C02E74657874000000
Possible Ramnit : C:\Program Files\LG Electronics\LG USB Modem driver-L601i\InstallUSB9x.exe : 000000000000000000000000400000402E64617461000000AC200000007000000010000000700000000000000000000000000000400000C02E74657874000000
Possible Ramnit : C:\Program Files\LG Electronics\LG USB Modem driver-L601i\UninstallUSB9x.exe : 00000000400000C02E7465787400000000F001000070000000F0010000700000000000000000000000000000200000E000000000000000000000000000000000
Possible Ramnit : C:\Program Files\LG Electronics\LG USB Modem driver-L602i\InstallUSB9x.exe : 000000000000000000000000400000402E64617461000000AC200000007000000010000000700000000000000000000000000000400000C02E74657874000000
Possible Ramnit : C:\Program Files\LG Electronics\LG USB Modem driver-L602i\UninstallUSB9x.exe : 00000000400000C02E7465787400000000F001000070000000F0010000700000000000000000000000000000200000E000000000000000000000000000000000
Possible Ramnit : C:\Program Files\Micro Box\Micro-Box uninstall.exe : 000000000000000000000000400000E02E727372630000000080000000303C000080000000041400000000000000000000000000400000C02E74657874000000
Possible Ramnit : C:\Program Files\Micro Box\Drivers\Huawei_Vodafone\Huawei_Drivers_All_Systems\devsetup.exe : ED6E000000A001000030000000A00100000000000000000000000000400000C02E7465787400000000F001000010020000F0010000D001000000000000000000
Possible Ramnit : C:\Program Files\Micro Box\Drivers\Huawei_Vodafone\Vodafone 710 Driver\InstallDrv.exe : 00000000400000402E64617461000000183F0000006000000030000000600000000000000000000000000000400000C02E7465787400000000F0010000A00000
Possible Ramnit : C:\Program Files\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\logReader.exe : 000000000000000000000000400000C02E7465787400000000F0010000B0000000F0010000900000000000000000000000000000200000E00000000000000000
Possible Ramnit : C:\Program Files\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qdcfg.exe : 202F0000001001000012000000FA0000000000000000000000000000400000C02E7465787400000000F001000040010000EA0100000C01000000000000000000
Possible Ramnit : C:\Program Files\SagMaster Team\SMTi\Drivers\Huawei_Mod_Drivers_All_Sys\devsetup.exe : ED6E000000A001000030000000A00100000000000000000000000000400000C02E7465787400000000F001000010020000F0010000D001000000000000000000
Possible Ramnit : C:\Program Files\Z3X\Samsung\Drivers\Qualcomm_USB_composite_driver\Win32\x86\checked\logReader.exe : 000000000000000000000000400000C02E7465787400000000F0010000B0000000F0010000900000000000000000000000000000200000E00000000000000000
Possible Ramnit : C:\Program Files\Z3X\Samsung\Drivers\Qualcomm_USB_composite_driver\Win32\x86\checked\qdcfg.exe : 202F0000001001000012000000FA0000000000000000000000000000400000C02E7465787400000000F001000040010000EA0100000C01000000000000000000
Possible Ramnit : C:\Program Files\Z3X\Samsung\Drivers\Qualcomm_USB_composite_driver\Win32\x86\free\logReader.exe : 000000000000000000000000400000C02E7465787400000000F0010000B0000000F0010000900000000000000000000000000000200000E00000000000000000
Possible Ramnit : C:\Program Files\Z3X\Samsung\Drivers\Qualcomm_USB_composite_driver\Win32\x86\free\qdcfg.exe : 202F0000001001000012000000FA0000000000000000000000000000400000C02E7465787400000000F001000040010000EA0100000C01000000000000000000
Possible Ramnit : C:\Program Files\Z3X\Samsung\Drivers\Qualcomm_USB_composite_driver\Win64\AMD64\checked\logReader.exe : 000000000000000000000000400000C02E7465787400000000F0010000B0000000F0010000900000000000000000000000000000200000E00000000000000000
Possible Ramnit : C:\Program Files\Z3X\Samsung\Drivers\Qualcomm_USB_composite_driver\Win64\AMD64\checked\qdcfg.exe : 202F0000001001000012000000FA0000000000000000000000000000400000C02E7465787400000000F001000040010000EA0100000C01000000000000000000
Possible Ramnit : C:\Program Files\Z3X\Samsung\Drivers\Qualcomm_USB_composite_driver\Win64\AMD64\free\logReader.exe : 000000000000000000000000400000C02E7465787400000000F0010000B0000000F0010000900000000000000000000000000000200000E00000000000000000
Possible Ramnit : C:\Program Files\Z3X\Samsung\Drivers\Qualcomm_USB_composite_driver\Win64\AMD64\free\qdcfg.exe : 202F0000001001000012000000FA0000000000000000000000000000400000C02E7465787400000000F001000040010000EA0100000C01000000000000000000

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry

Moved to quarantine successfully : c:\program files\microsoft\watermark.exe
Moved to quarantine successfully : C:\Documents and Settings\All Users\Menu Démarrer\Programmes\SarasSoft\UFS\Uninstall\Uninstall UFS USB Driver.lnk -> C:\WINDOWS\system32\UFS2XXUN.ini
Moved to quarantine successfully : C:\SysAnti.exe
Moved to quarantine successfully : F:\SysAnti.exe
Moved to quarantine successfully : E:\9300M_PBr6.0.0_rel2475_PL6.6.0.207_A6.0.0.546(www.mobilegang.in).exe
Moved to quarantine successfully : E:\Pangu8_v1.1.0.exe
Moved to quarantine successfully : E:\SysAnti.exe
Moved to quarantine successfully : D:\SysAnti.exe
Moved to quarantine successfully : F:\Copy of Shortcut to (1).lnk
Moved to quarantine successfully : F:\Copy of Shortcut to (3).lnk
Moved to quarantine successfully : F:\Copy of Shortcut to (2).lnk

¤¤¤¤¤¤¤¤¤¤ # ADS

Prefetch -> cleaned
D:\AutoRun.inf : Deleted
D:\ : Vaccinated (vaccine created by Pre_Scan)
E:\AutoRun.inf : Deleted
E:\ : Vaccinated (vaccine created by Pre_Scan)
F:\AutoRun.inf : Deleted
F:\ : Impossible to vaccinate
¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive D:] : Hidden : 30 | Restored : 30
~ [Drive E:] : Hidden : 4 | Restored : 4
~ [Program Files] : Hidden : 1 | Restored : 1
~ [Users] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 203 | Restored : 203
~ [Libraries] : Hidden : 4 | Restored : 4

¤¤¤¤¤¤¤¤¤¤ # Drives

Disk: 0 Size=305G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0 0 07-NTFS 150G Yes No 63 307,194,867
1 1 0F-EXTEND 155G No No 307,194,930 317,926,350

¤¤¤¤¤¤¤¤¤¤

[HKLM | Winlogon] | AutoRestartShell : 0 -> 1
End : 12:06:39

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 295

