คคคคคคคคคคคคคคค Pre_Scan | g3n-h@ckm@n | Saachaa | 3.0223 คคคคคคคคคคคคคคค

~ คคคคค XP | Vista | 7 | 8 - 32/64 bits คคคคค - Start 10:01:27

~ Update on 23/02/2013 | 00.50 by g3n-h@ckm@n
~ Evolution : http://gen-hackman.forum-pro.fr/t64-historique-de-l-outil
~ Pre_Script Infos : http://gen-hackman.forum-pro.fr/t89-les-switchs
~ Pre_scan Feedbacks : http://gen-hackman.forum-pro.fr/t93-feedback-pre_scan#505

~ [Pascal (Administrator)] - [PACKARDBELL]
~ SID = S-1-5-21-320834630-1107054878-85199649-1000

~ System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
~ ProcessorNameString : Intel(R) Core(TM) i5-2320 CPU @ 3.00GHz
~ Identifier : Intel64 Family 6 Model 42 Stepping 7

~ M้mory RAM = Total (KB) : 8370180 | Used (%) : 15 | Free (KB) : 7071980
~ Pagefile = Total (KB) : 16738510 | Free (KB) : 15511820
~ Virtual = Total (KB) : 4194180 | Free (KB) : 4066080

คคคคคคคคคค | Boot's scripts

C:\Windows\Setup\Scripts\MonitorAuto_x64.exe
C:\Windows\Setup\Scripts\MOD01SET5O000N0002.enc
C:\Windows\Setup\Scripts\MOD01SET5O000N0005.enc
C:\Windows\Setup\Scripts\SetupComplete.cmd
C:\Windows\Setup\Scripts\useralaunch.cmd
C:\Windows\Setup\Scripts\OOBE.CMD

คคคคคคคคคค | Drives

c:\ -> [Fixed] | [Packard Bell] | Total : 944080 Mo | Free : 873260 Mo -> NTFS
d:\ -> [Fixed] | [DATA] | Total : 944090 Mo | Free : 943970 Mo -> NTFS

คคคคคคคคคค | Windows Updates

No windows updates detected !!! 



คคคคคคคคคค | Sessions

~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\Pascal

New restorepoint created

คคคคคคคคคค | stopped Processes

(1608) -- explorer.exe
(4328) -- WUDFHost.exe
(892) -- TrustedInstaller.exe
(1840) -- WLIDSVC.EXE
(3040) -- LMS.exe
(2900) -- WLIDSVCM.EXE
(2036) -- SearchIndexer.exe
(2704) -- spoolsv.exe
(4840) -- chrome.exe
(4056) -- chrome.exe
(4568) -- chrome.exe
(4508) -- chrome.exe
(1436) -- taskeng.exe
(3896) -- SearchProtocolHost.exe
(1940) -- SearchFilterHost.exe

คคคคคคคคคค | Running processes

Boot : Normal  

[MD5.1911A3356FA3F77CCC825CCBAC038C2A] - [14/07/2009 00:19:50] - 372 | C:\Windows\System32\smss.exe (.Microsoft Corporation - Gestionnaire de sessions Windows.) - (6.1.7600.16385) -> \SystemRoot\System32\smss.exe   [112640 Ko]
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 00:19:49] - 504 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d’ex้cution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16   [7680 Ko]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - [14/07/2009 00:52:37] - 564 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Application de d้marrage de Windows.) - (6.1.7600.16385) -> wininit.exe   [129024 Ko]
[MD5.60C2862B4BF0FD9F582EF344C2B1EC72] - [14/07/2009 00:19:49] - 592 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processus d’ex้cution client-serveur.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16   [7680 Ko]
[MD5.3EE6C4A17173C0B6822585296E9AB209] - [14/07/2009 00:19:46] - 660 | C:\Windows\system32\services.exe (.Microsoft Corporation - Applications Services et Contr๔leur.) - (6.1.7600.16385) -> C:\Windows\system32\services.exe   [328704 Ko]
[MD5.C118A82CD78818C29AB228366EBF81C3] - [10/03/2012 10:21:30] - 668 | C:\Windows\system32\lsass.exe (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.17725) -> C:\Windows\system32\lsass.exe   [31232 Ko]
[MD5.F2BF82316E93E590FF081B95F68443B7] - [21/11/2010 04:23:53] - 676 | C:\Windows\system32\lsm.exe (.Microsoft Corporation - Service du gestionnaire de session locale.) - (6.1.7601.17514) -> C:\Windows\system32\lsm.exe   [343040 Ko]
[MD5.8ACDF26E44D108653FE638ABDF5BB043] - [21/11/2010 04:24:29] - 688 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Application d’ouverture de session Windows.) - (6.1.7601.17514) -> winlogon.exe   [390656 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 800 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus h๔te pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch   [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 952 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus h๔te pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS   [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 400 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus h๔te pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted   [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 520 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processus h๔te pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted   [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 580 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus h๔te pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs   [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 1092 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus h๔te pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService   [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 1164 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus h๔te pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkService   [27136 Ko]
[MD5.8FA553E9AE69808D99C164733A0F9590] - [19/02/2013 20:04:02] - 1228 | C:\Program Files\AVAST Software\Avast\AvastSvc.exe (.AVAST Software - avast! Service.) - (7.0.1474.765) -> "C:\Program Files\AVAST Software\Avast\AvastSvc.exe"   [44808 Ko]
[MD5.F162D5F5E845B9DC352DD1BAD8CEF1BC] - [14/07/2009 00:37:38] - 1600 | C:\Windows\system32\Dwm.exe (.Microsoft Corporation - Gestionnaire de fen๊tres du Bureau.) - (6.1.7600.16385) -> "C:\Windows\system32\Dwm.exe"   [120320 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 1816 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus h๔te pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork   [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 2012 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus h๔te pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k imgsvc   [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 2508 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus h๔te pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted   [27136 Ko]
[MD5.C78655BC80301D76ED4FEF1C1EA40A7D] - [14/07/2009 00:31:13] - 3884 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processus h๔te pour les services Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation   [27136 Ko]
[MD5.2599F74F3555968BCA57777C65B21E37] - [19/02/2013 20:04:02] - 2456 | C:\Program Files\AVAST Software\Avast\AvastUI.exe (.AVAST Software - avast! Antivirus.) - (7.0.1474.765) -> "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui   [4297136 Ko]
[MD5.033F17859B8C4366C738F8E892B84C04] - [25/02/2013 09:52:08] - 1500 | C:\Users\Pascal\Downloads\winlogon (1).exe (. - g3n-h@ckm@n.) - (3.0.2.24) -> "C:\Users\Pascal\Downloads\winlogon (1).exe"    [2621773 Ko]
[MD5.CE9121FBEDF48CEAD0E154011F7E931D] - [14/07/2011 06:30:29] - 2056 | C:\Windows\explorer.exe (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17567) -> explorer.exe   [2871808 Ko]
[MD5.DD81D91FF3B0763C392422865C9AC12E] - [14/07/2009 00:57:20] - 4116 | C:\Windows\System32\rundll32.exe (.Microsoft Corporation - Processus h๔te Windows (Rundll32).) - (6.1.7600.16385) -> C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding   [45568 Ko]
[MD5.84F8BB3DED08453983546523C086F152] - [14/01/2013 23:17:03] - 5060 | C:\Pre_Scan\Process\Pre_Scan_Protect.exe (. - g3n-h@ckm@n.) - (3.0.2.14) -> "C:\Pre_Scan\Process\Pre_Scan_Protect.exe"    [311107 Ko]
[MD5.34D4C852C7EAAD794C5932D7B894CBA8] - [21/11/2010 04:24:15] - 4252 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.1.7601.17514) -> C:\Windows\system32\wbem\wmiprvse.exe   [372736 Ko]

คคคคคคคคคค | Winlogon User : OK !


คคคคคคคคคค | Winlogon Machine

Repaired : [HKLM | Winlogon]|[userinit] : C:\Windows\System32\userinit.exe, -> C:\Windows\SysWOW64\userinit.exe,
Repaired : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]|[userinit] : C:\Windows\SysWOW64\userinit.exe, -> C:\Windows\System32\userinit.exe,

คคคคคคคคคค | Associations : OK ! 




ค

Navigators settings associations are OK !


คคคคคคคคคค | Registry : OK !



คคคคคคคคคค | SafeBoot | Control | Repair

Safeboot Keys are O.K

Alternate shell is OK !

ค

Safeboot Minimal Subkeys : O.K !

ค

Safeboot Network Subkeys : O.K !

คคคคคคคคคค | IFEO : OK !


คคคคคคคคคค | Mountpoints2 : OK !



คคคคคคคคคค | Windows

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

Winsrv : OK !

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : 
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1

[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] : 
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 1

คคคคคคคคคค | Security Center





คคคคคคคคคค | Services Corrections


Repaired : [HKLM | Services\Compbatt] : 3 -> 0
Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\Bits] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\Wlansvc] : 3 -> 2
Repaired : [HKLM | Services\SharedAccess] : 4 -> 2
Repaired : [HKLM | Services\windefend] : 3 -> 2
Repaired : [HKLM | Services\wudfsvc] : 3 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2

คคคคคคคคคค | Internet Explorer


Browsers settings for Users : OK


Browsers settings for Machine : OK

ค


Hijack.Internet : OK

คคคคคคคคคค | Hosts

C:\Windows\System32\Drivers\etc\hosts : Replaced 

คคคคคคคคคค | Files | Folders | Registry


Moved to quarantine successfully :  C:\Users\Pascal\Downloads\winlogon.exe
Moved to quarantine successfully :  C:\Users\Pascal\Downloads\winlogon (1).exe
Moved to quarantine successfully :  C:\Users\Pascal\Downloads\winlogon (2).exe

Impossible to move :  C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
Impossible to move :  C:\ProgramData\regid.1986-12.com.adobe
Suspect : C:\Users\Pascal\AppData\Roaming\PhotoScape\favorite.lst
Suspect : C:\Users\Pascal\AppData\Roaming\PhotoScape\batchset1.cfg
Suspect : C:\Users\Pascal\AppData\Roaming\PhotoScape\phoobj.cfg
Suspect : C:\Users\Pascal\AppData\Roaming\PhotoScape\photoscape.cfg
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-LqPpNsFVlFFehsWfT6dcoriJ
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-u7B3PCDmWXzhZm52OmmZzaUb
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-vdVXGtFrggu1airRUsVnJZzZ
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-RjSElR02M9sacC9TNrkAT0qJ
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-7yeAO6hVgS7odc1hEX0eToPX
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-BsL5RK0rLrAeme6DrATArhfV
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-8rp77ci5W435OFLkSmtLA1Ar
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-ekXqUS6GexZewCwnksEfkDXR
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-kV6O9VqgLAezdkAxb6xhuSUf
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-apmObL7CQkC5V8iEGMcSMXZI
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-ncsKsNVdwVF0JEgMO9PZL6vb
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-6ZakO6kiiV149Tw0gIPAp98Z
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-sMpvfOjSGAa0g9wpA190iw4M
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-q2wFtMuPKlPlMhbsnHRNyCdM
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-QmgibvbMp4IjXL69K7M4U4dS
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-IUEL4L3wp7bRFHnSKg4xRwRt
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-e6n4kMtJTA5QT6lwwplkgGUo
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-WM9cPMOg74FMh7osfGRveu8N
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-BRS2JNUn1DvIh6IGg11dRuG8
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-dkCvxiSGMtD09lonPtTiKls3
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-RLS0NgTjumGgs0y49XTw3B7x
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-q2ZEzq8iiGdntuxzy0MmJk4m
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-JIrpO4X4xfeLzQf0PFX6tFBi
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-dVUmioYVy30XXHErI2bYDis0
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-njpMHReNV5oO60akOYISqGxq
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-JwSRpk9qe0eZBFoGwCOF6ewM
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-gxuFwvaejOPhz7dZGM1f7uCe
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-3BJrtG9aOKw8IHVNTw5EBfjo
Suspect : C:\Users\Pascal\AppData\Roaming\Skype\temp-pfCLGjwganxWL34sXiwd7pqf
Suspect : C:\ProgramData\EnterNHelp\hxde.xxc
Suspect : C:\ProgramData\EnterNHelp\hxes.xxb
Suspect : C:\ProgramData\Ultima_T15\reg_configec.stn
Suspect : C:\ProgramData\Hybrid Synthesizers\BookService
Suspect : C:\Users\Pascal\AppData\Local\Temp\wmplog00.sqm
Suspect : C:\Users\Pascal\AppData\Local\Temp\a373.rra
Suspect : C:\Users\Pascal\AppData\Local\Temp\Google_Earth_6.2.2.6613_120720-113338_1.dmp
Suspect : C:\Users\Pascal\AppData\Local\Temp\Google_Earth_Plugin_6.2.2.6613_120820-225238_1.dmp
Suspect : C:\Users\Pascal\AppData\Local\Temp\Google_Earth_Plugin_6.2.2.6613_120820-225243_1.dmp
Suspect : C:\Users\Pascal\AppData\Local\Temp\Google_Earth_6.2.2.6613_121014-174339_1.dmp
Suspect : C:\Users\Pascal\AppData\Local\Temp\Google_Earth_6.2.2.6613_121014-174340_2.dmp
Suspect : C:\Users\Pascal\AppData\Local\Temp\50684273-c389-4e67-817f-0eff36942950.dmp
Suspect : C:\Users\Pascal\AppData\Local\Temp\toolbar.cfg
Suspect : C:\Users\Pascal\AppData\Local\Temp\geIconCacheLock
Suspect : C:\Users\Pascal\AppData\Local\Temp\geColladaModelCacheLock

Prefetch -> Emptied