¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 3.0207 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 18:41:49

Update on 07/02/2013 | 11.10 by g3n-h@ckm@n
Evolution : http://gen-hackman.forum-pro.fr/t64-historique-de-l-outil
Pre_Script Infos : http://gen-hackman.forum-pro.fr/t89-les-switchs
Pre_scan Feedbacks : http://gen-hackman.forum-pro.fr/t93-feedback-pre_scan#505

[HP_Propriétaire (Administrator)] - [NOM-EB85C523610]
SID = S-1-5-21-3356692217-1419506053-1123339469-1008
System : Microsoft Windows XP (32 bits) Service Pack 3
ProcessorNameString : Intel(R) Celeron(R) CPU 2.80GHz
Identifier : x86 Family 15 Model 4 Stepping 1
Memory RAM = Total (KB) : 1564020 | Used (%) : 28 | Free (KB) : 1121020
Pagefile = Total (KB) : 2971440 | Free (KB) : 2759190
Virtual = Total (KB) : 2097020 | Free (KB) : 2018580

¤¤¤¤¤¤¤¤¤¤ | Boot's scripts

¤¤¤¤¤¤¤¤¤¤ | Drives

c:\ -> [Fixed] | [HP_PAVILION] | Total : 146480 MB | Free : 117010 MB -> NTFS
d:\ -> [Fixed] | [HP_RECOVERY] | Total : 6130 MB | Free : 1990 MB -> FAT32
f:\ -> [Fixed] | [] | Total : 25060 MB | Free : 11920 MB -> NTFS
g:\ -> [Fixed] | [DATA] | Total : 127520 MB | Free : 104130 MB -> NTFS

¤¤¤¤¤¤¤¤¤¤ | Windows Updates

Last detection(s) : 2013-02-09 02:35:19
Last download(s) : 2013-02-09 02:01:36
Last installation(s) : 2013-02-09 02:00:15
Next search : 2013-02-09 23:46:47

¤¤¤¤¤¤¤¤¤¤ | Sessions

C:\WINDOWS\system32\config\systemprofile
C:\Documents and Settings\LocalService
C:\Documents and Settings\NetworkService
C:\Documents and Settings\HP_Propriétaire

New restore point created

¤¤¤¤¤¤¤¤¤¤ | Stopped processes

(1112) -- MsMpEng.exe
(1688) -- explorer.exe
(1816) -- spoolsv.exe
(564) -- msseces.exe
(604) -- hkcmd.exe
(980) -- hpsysdrv.exe
(1084) -- ctfmon.exe
(1376) -- MediaServer.exe
(3324) -- alg.exe
(2392) -- wuauclt.exe
(4080) -- wscntfy.exe

¤¤¤¤¤¤¤¤¤¤ | Running processes

Boot : Normal

[MD5.48E430297DA757F5CC2793CCFACAD5E7] - [05/08/2004 19:00:00] - 616 | C:\WINDOWS\System32\smss.exe (.Microsoft Corporation - Windows NT Session Manager.) - (5.1.2600.5512) -> \SystemRoot\System32\smss.exe [50688 bytes]
[MD5.3854F2A22DDED71A3504A9D0899F1C99] - [05/08/2004 19:00:00] - 720 | C:\WINDOWS\system32\winlogon.exe (.Microsoft Corporation - Windows NT Logon Application.) - (5.1.2600.5512) -> winlogon.exe [512000 bytes]
[MD5.C3FB1D70CB88722267949694BA51759E] - [05/08/2004 19:00:00] - 764 | C:\WINDOWS\system32\services.exe (.Microsoft Corporation - Services and Controller app.) - (5.1.2600.5755) -> C:\WINDOWS\system32\services.exe [111104 bytes]
[MD5.91E6024D6D4DCDECDB36C43ECF9BBECB] - [05/08/2004 19:00:00] - 784 | C:\WINDOWS\system32\lsass.exe (.Microsoft Corporation - LSA Shell (Export Version).) - (5.1.2600.5512) -> C:\WINDOWS\system32\lsass.exe [13312 bytes]
[MD5.E4BDF223CD75478BF44567B4D5C2634D] - [05/08/2004 19:00:00] - 948 | C:\WINDOWS\system32\svchost.exe (.Microsoft Corporation - Generic Host Process for Win32 Services.) - (5.1.2600.5512) -> C:\WINDOWS\system32\svchost.exe -k DcomLaunch [14336 bytes]
[MD5.E4BDF223CD75478BF44567B4D5C2634D] - [05/08/2004 19:00:00] - 1148 | C:\WINDOWS\System32\svchost.exe (.Microsoft Corporation - Generic Host Process for Win32 Services.) - (5.1.2600.5512) -> C:\WINDOWS\System32\svchost.exe -k netsvcs [14336 bytes]
[MD5.E4BDF223CD75478BF44567B4D5C2634D] - [05/08/2004 19:00:00] - 688 | C:\WINDOWS\system32\svchost.exe (.Microsoft Corporation - Generic Host Process for Win32 Services.) - (5.1.2600.5512) -> C:\WINDOWS\system32\svchost.exe -k netsvcs [14336 bytes]
[MD5.E4BDF223CD75478BF44567B4D5C2634D] - [05/08/2004 19:00:00] - 260 | C:\WINDOWS\system32\svchost.exe (.Microsoft Corporation - Generic Host Process for Win32 Services.) - (5.1.2600.5512) -> C:\WINDOWS\system32\svchost.exe -k imgsvc [14336 bytes]
[MD5.FD9B9341771FC6C6D269794CEB49447F] - [09/02/2013 18:29:15] - 432 | C:\Documents and Settings\HP_Propriétaire\Mes documents\Downloads\winlogon.exe (. - g3n-h@ckm@n.) - (3.0.2.7) -> "C:\Documents and Settings\HP_Propriétaire\Mes documents\Downloads\winlogon.exe" [2637293 bytes]
[MD5.03E8EFB94B49D9B94A1EB643953AED17] - [14/01/2013 23:17:03] - 3796 | C:\Pre_Scan\Process\Pre_Scan_Protect.exe (. - g3n-h@ckm@n.) - (3.0.1.14) -> "C:\Pre_Scan\Process\Pre_Scan_Protect.exe" [311109 bytes]
[MD5.02DA31AB433A6C1110A736C85701DECA] - [05/08/2004 19:00:00] - 3196 | C:\WINDOWS\system32\wscntfy.exe (.Microsoft Corporation - Windows Security Center Notification App.) - (5.1.2600.5512) -> C:\WINDOWS\system32\wscntfy.exe [13824 bytes]

¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !

¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine : OK !

Changed : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0

¤¤¤¤¤¤¤¤¤¤ | Associations

Repaired : [HKCR\InternetShortcut\shell\open\command] : rundll32.exe ieframe.dll,OpenURL %l -> "C:\WINDOWS\System32\rundll32.exe" "C:\WINDOWS\System32\ieframe.dll",OpenURL %l
Repaired : [HKCR\Application.Manifest\shell\open\command] : -> rundll32.exe dfshim.dll,ShOpenVerbApplication %1
Repaired : [HKCR\Application.Reference\shell\open\command] : -> rundll32.exe dfshim.dll,ShOpenVerbShortcut %1|%2
Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe /idlist,%I,%L -> C:\WINDOWS\Explorer.exe
¤
Repaired : [HKLM\Software\Clients\StartMenuInternet\Firefox.exe\shell\open\command] : C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -> "C:\Program Files\Mozilla Firefox\Firefox.exe"
Repaired : [HKLM\Software\Clients\StartMenuInternet\Firefox.exe\shell\safemode\command] : C:\PROGRA~1\MOZILL~1\FIREFOX.EXE -safe-mode -> "C:\Program Files\Mozilla Firefox\Firefox.exe" -safe-mode

¤¤¤¤¤¤¤¤¤¤ | Registry

Repaired : [HKLM | Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [HKLM | Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM | Microsoft\Windows\CurrentVersion\policies\Explorer]|[NoDriveTypeAutoRun] : 323 -> 145
Repaired : [HKU\S-1-5-21-3356692217-1419506053-1123339469-1008 | Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 1 -> 0
Repaired : [HKU\S-1-5-21-3356692217-1419506053-1123339469-1008 | Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoDriveTypeAutoRun] : 323 -> 145
Repaired : [HKU\S-1-5-18 | Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoDriveTypeAutoRun] : 323 -> 145

¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair

Safeboot keys are OK
Alternate shell is OK !
¤
Safeboot Minimal subkeys : OK !
¤
Safeboot Network subkeys : OK !

¤¤¤¤¤¤¤¤¤¤ | IFEO : OK !

¤¤¤¤¤¤¤¤¤¤ | Mountpoints2 : OK !

¤¤¤¤¤¤¤¤¤¤ | Windows

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
Winsrv : OK !
Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : c:\progra~1\saveby~1\sprote~1.dll ->
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1
[HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[Programs] : com exe bat pif cmd

¤¤¤¤¤¤¤¤¤¤ | Security Center

Repaired : [HKLM | Security Center]|[AntiVirusOverride] : 1 -> 0
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]|[DisableMonitoring] : 0
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKLM\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

¤¤¤¤¤¤¤¤¤¤ | Services Corrections

Repaired : [HKLM | Services\Parvdm] : 4 -> 2
Repaired : [HKLM | Services\CryptSvc] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\wudfsvc] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ | Internet Explorer

Repaired : [HKU\S-1-5-21-3356692217-1419506053-1123339469-1008\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://fr.msn.com/ -> http://www.google.com/
Repaired : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> http://www.google.com/
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[SearchAssistant] : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> http://www.google.com/ie
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Start Page] : http://fr.msn.com/ -> http://go.microsoft.com/fwlink/?LinkId=69157
¤
Repaired : [HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[MigrateProxy] : 0 -> 1
Repaired : [HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[MigrateProxy] : 0 -> 1
Repaired : [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[MigrateProxy] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ | Hosts

C:\WINDOWS\System32\Drivers\etc\hosts : Replaced

¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry

Moved to quarantine successfully : C:\Recycler\S-1-5-21-3356692217-1419506053-1123339469-1008\desktop.ini
Moved to quarantine successfully : C:\Recycler\S-1-5-21-3356692217-1419506053-1123339469-1008\INFO2
Moved to quarantine successfully : C:\WINDOWS\RTHDCPL_DB.dbt
Moved to quarantine successfully : C:\WINDOWS\Thumbs.db
Moved to quarantine successfully : C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\fp_pl_pfs_installer.exe
Moved to quarantine successfully : C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\acrord32_sbx\Fichiers Internet temporaires\Content.IE5\index.dat
Moved to quarantine successfully : C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\acrord32_sbx\History\History.IE5\index.dat
Moved to quarantine successfully : C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\CRX_75DAF8CB7768\manifest.json
Moved to quarantine successfully : C:\WINDOWS\Temp\TMP000000011A153577292EB293
Moved to quarantine successfully : C:\WINDOWS\Temp\TMP00000001274AC4079BFE83C7
Moved to quarantine successfully : C:\WINDOWS\Temp\TMP000000012BA3CCDAB20BACDD
Moved to quarantine successfully : C:\WINDOWS\Temp\TMP0000000182C3C841D74155F2
Moved to quarantine successfully : C:\WINDOWS\Temp\TMP00000001E24192DFE68B27BC
Moved to quarantine successfully : C:\WINDOWS\Temp\TMP0000000226BB2BE85D08DBFE
Moved to quarantine successfully : C:\WINDOWS\Temp\TMP00000002597DF26457C3FB35
Moved to quarantine successfully : C:\WINDOWS\Temp\TMP00000002638C6BFB2E7EFB08
Moved to quarantine successfully : C:\WINDOWS\Temp\TMP00000002AC4DC4263D35D376
Moved to quarantine successfully : C:\WINDOWS\Temp\TMP00000003A58D1A0B5E48EC9A
Moved to quarantine successfully : C:\WINDOWS\Temp\TMP00000003D4EEEEA72CBE4EFA
Moved to quarantine successfully : C:\WINDOWS\Temp\TMP00000006A35C01BE59EB8929
Impossible to move : C:\Documents and settings\LocalService\Local settings\Temp\Fichiers Internet temporaires\Content.IE5\index.dat
Impossible to move : C:\Documents and settings\LocalService\Local settings\Temp\History\History.IE5\index.dat
Moved to quarantine successfully : C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150000} -> WLM
Moved to quarantine successfully : C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
Deleted : [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\BigDog303]|[command] : C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
Moved to quarantine successfully : C:\WINDOWS\VM303_STI.EXE

18:51:51

Moved to quarantine successfully : C:\Documents and Settings\HP_Propriétaire\Application Data\ezpinst.exe
Moved to quarantine successfully : C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\gnc.exe
Moved to quarantine successfully : C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\fusioncache.dat
Moved to quarantine successfully : C:\WINDOWS\System32\config\SystemProfile\Local Settings\Application Data\fusioncache.dat
Moved to quarantine successfully : C:\Program Files\SaveByClick
Moved to quarantine successfully : C:\sqmnoopt01.sqm
Moved to quarantine successfully : C:\sqmnoopt02.sqm
Moved to quarantine successfully : C:\sqmnoopt03.sqm
Moved to quarantine successfully : C:\sqmdata18.sqm
Moved to quarantine successfully : C:\sqmdata19.sqm
Moved to quarantine successfully : C:\sqmnoopt04.sqm
Moved to quarantine successfully : C:\sqmdata00.sqm
Moved to quarantine successfully : C:\sqmnoopt05.sqm
Moved to quarantine successfully : C:\sqmdata01.sqm
Moved to quarantine successfully : C:\sqmnoopt06.sqm
Moved to quarantine successfully : C:\sqmdata02.sqm
Moved to quarantine successfully : C:\sqmnoopt07.sqm
Moved to quarantine successfully : C:\sqmdata03.sqm
Moved to quarantine successfully : C:\sqmdata04.sqm
Moved to quarantine successfully : C:\sqmnoopt08.sqm
Moved to quarantine successfully : C:\sqmdata05.sqm
Moved to quarantine successfully : C:\sqmnoopt09.sqm
Moved to quarantine successfully : C:\sqmdata06.sqm
Moved to quarantine successfully : C:\sqmnoopt10.sqm
Moved to quarantine successfully : C:\sqmdata07.sqm
Moved to quarantine successfully : C:\sqmnoopt11.sqm
Moved to quarantine successfully : C:\sqmdata08.sqm
Moved to quarantine successfully : C:\sqmnoopt12.sqm
Moved to quarantine successfully : C:\sqmdata09.sqm
Moved to quarantine successfully : C:\sqmnoopt13.sqm
Moved to quarantine successfully : C:\sqmdata10.sqm
Moved to quarantine successfully : C:\sqmnoopt14.sqm
Moved to quarantine successfully : C:\sqmdata11.sqm
Moved to quarantine successfully : C:\sqmnoopt15.sqm
Moved to quarantine successfully : C:\sqmdata12.sqm
Moved to quarantine successfully : C:\sqmnoopt16.sqm
Moved to quarantine successfully : C:\sqmdata13.sqm
Moved to quarantine successfully : C:\sqmnoopt17.sqm
Moved to quarantine successfully : C:\sqmdata14.sqm
Moved to quarantine successfully : C:\sqmnoopt18.sqm
Moved to quarantine successfully : C:\sqmdata15.sqm
Moved to quarantine successfully : C:\sqmnoopt19.sqm
Moved to quarantine successfully : C:\sqmdata16.sqm
Moved to quarantine successfully : C:\sqmnoopt00.sqm
Moved to quarantine successfully : C:\sqmdata17.sqm
File Moved to quarantine successfully : D:\Info.exe
Moved to quarantine successfully : C:\WINDOWS\Temp\dd_clwireg.txt
Moved to quarantine successfully : C:\WINDOWS\Temp\WGAErrLog.txt
Moved to quarantine successfully : C:\WINDOWS\Temp\WGANotify.settings
Moved to quarantine successfully : C:\WINDOWS\Temp\BootClean.log
Moved to quarantine successfully : C:\WINDOWS\Temp\MpSigStub.log
Moved to quarantine successfully : C:\WINDOWS\Temp\MpCmdRun.log
Moved to quarantine successfully : C:\WINDOWS\Temp\dw.log
Moved to quarantine successfully : C:\WINDOWS\Temp\NDP1.1sp1-KB2742597-X86
Impossible to move : C:\WINDOWS\Temp\55245EF5-2E92-4D2F-93B4-C9B2F5CC3478-Sigs
Impossible to move : C:\WINDOWS\Temp\MPTelemetrySubmit
Moved to quarantine successfully : C:\Documents and Settings\All Users\Application Data\ma-config(2).com
Moved to quarantine successfully : C:\WINDOWS\assembly\tmp\
Moved to quarantine successfully : C:\Documents and Settings\HP_Propriétaire\Application Data\Sun\Java\Deployment\cache\
Moved to quarantine successfully : C:\Documents and Settings\HP_Propriétaire\Local settings\Application Data\Sun\Java\Deployment\cache\6.0

Prefetch -> Emptied
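The log mixes registry repairs, a registry deletion and file quarantines in one free-form list, which makes it slow to see what actually mattered on this machine (the cleared AppInit_DLLs entry pointing at the SaveByClick DLL, the MSConfig startupreg deletion, the shell\open\command association rewrites). The following Python is an added example, not part of Pre_Scan or of this log: it parses the "Repaired / Changed / Deleted" and "Moved to quarantine / Impossible to move" line shapes the tool prints, returns them as records, and flags the registry changes that touch well-known persistence locations. The sample lines are copied from this log; the list of watched keys and value names is this example's own choice, and the "[HKLM | path]" key form is kept verbatim because the log does not say which root subtree the abbreviated path lives under.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a subset of lines copied from the Pre_Scan log above.
# The AppInit_DLLS line ends in "->" with an empty new value, exactly as the
# tool prints a value it has cleared.
SAMPLE_LOG = r"""
Changed : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0
Repaired : [HKCR\InternetShortcut\shell\open\command] : rundll32.exe ieframe.dll,OpenURL %l -> "C:\WINDOWS\System32\rundll32.exe" "C:\WINDOWS\System32\ieframe.dll",OpenURL %l
Repaired : [HKLM | Microsoft\Windows\CurrentVersion\policies\Explorer]|[NoDriveTypeAutoRun] : 323 -> 145
Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : c:\progra~1\saveby~1\sprote~1.dll ->
Deleted : [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\BigDog303]|[command] : C:\WINDOWS\VM303_STI.EXE
Moved to quarantine successfully : C:\Program Files\SaveByClick
Moved to quarantine successfully : C:\Documents and Settings\HP_Propriétaire\Local Settings\Application Data\gnc.exe
File Moved to quarantine successfully : D:\Info.exe
Impossible to move : C:\WINDOWS\Temp\MPTelemetrySubmit
"""

# "Action : [key]|[value] : old -> new"; the "|[value]" part is absent for
# default-value entries such as shell\open\command.
REG_RE = re.compile(
    r'^(?P<action>Repaired|Changed|Deleted) : \[(?P<key>[^\]]+)\]'
    r'(?:\|\[(?P<value>[^\]]+)\])? : (?P<rest>.*)$')
# Some lines carry a leading "File " (see "File Moved to quarantine ... D:\Info.exe").
FILE_RE = re.compile(
    r'^(?:File )?(?P<action>Moved to quarantine successfully|Impossible to move) : (?P<path>.+?)\s*$')
# Non-greedy old part so the first " -> " is the separator; new may be empty.
ARROW_RE = re.compile(r'^(?P<old>.*?)\s*->\s*(?P<new>.*)$')

# Persistence locations this example chooses to highlight (assumption, not from the log).
WATCHED_VALUES = {'appinit_dlls', 'loadappinit_dlls', 'autorestartshell',
                  'shell', 'userinit', 'antivirusoverride'}
WATCHED_KEY_FRAGMENTS = ('shell\\open\\command', 'winlogon', 'startupreg')


@dataclass
class RegChange:
    action: str            # Repaired, Changed or Deleted
    key: str               # key text exactly as the log prints it
    value: Optional[str]   # value name, None for the key's default value
    old: str               # previous data ("" when the tool shows none)
    new: Optional[str]     # new data; "" if cleared, None for Deleted


@dataclass
class FileAction:
    action: str
    path: str
    quarantined: bool      # False for "Impossible to move"


def parse_log(text: str) -> Tuple[List[RegChange], List[FileAction]]:
    """Split a Pre_Scan log into registry-change and file-action records."""
    reg: List[RegChange] = []
    files: List[FileAction] = []
    for raw in text.splitlines():
        line = raw.strip()
        m = REG_RE.match(line)
        if m:
            rest = m.group('rest').strip()
            a = ARROW_RE.match(rest)
            if a:
                old, new = a.group('old').strip(), a.group('new').strip()
            else:                       # "Deleted" lines show only the old data
                old, new = rest, None
            reg.append(RegChange(m.group('action'), m.group('key').strip(),
                                 m.group('value'), old, new))
            continue
        m = FILE_RE.match(line)
        if m:
            files.append(FileAction(m.group('action'), m.group('path'),
                                    m.group('action').startswith('Moved')))
    return reg, files


def persistence_findings(changes: List[RegChange]) -> List[RegChange]:
    """Registry changes that touch a watched value name or key fragment."""
    out = []
    for c in changes:
        vname = (c.value or '').lower()
        key = c.key.lower()
        if vname in WATCHED_VALUES or any(f in key for f in WATCHED_KEY_FRAGMENTS):
            out.append(c)
    return out


def user_profile_executables(files: List[FileAction]) -> List[str]:
    """Quarantined .exe files that lived under a user profile directory."""
    out = []
    for f in files:
        p = f.path.lower()
        in_profile = '\\documents and settings\\' in p or '\\docume~1\\' in p
        if f.quarantined and p.endswith('.exe') and in_profile:
            out.append(f.path)
    return out


if __name__ == '__main__':
    reg, files = parse_log(SAMPLE_LOG)
    for c in persistence_findings(reg):
        print(f"{c.action:8} {c.key} | {c.value} : {c.old!r} -> {c.new!r}")
    for p in user_profile_executables(files):
        print('profile exe quarantined:', p)
```

Run against the full log, `persistence_findings` surfaces the Winlogon AutoRestartShell change, the four shell\open\command rewrites, the AppInit_DLLS clear and the BigDog303 startupreg deletion, while leaving the NoDriveTypeAutoRun, HideDesktopIcons and Internet Explorer start-page repairs in the plain list; `user_profile_executables` picks out ezpinst.exe and gnc.exe, which were quarantined from Application Data rather than from a program directory.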