¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_29.02.2015.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 20:36:10

Updated 29/02/2016 | 15.35 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[Jean-Marie (Administrator)] - [LFS_ULTRA]
SID = S-1-5-21-3331589601-751847041-4288644589-1001
Boot: SafeMode with network
System : Windows 8 (64 bits) Core
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius
Memory RAM = Total (MB) : 3748 | Free (MB) : 3130
Pagefile = Total (MB) : 4157 | Free (MB) : 3609
Virtual = Total (MB) : 4194 | Free (MB) : 3932

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

C:\Windows\Setup\Scripts\SetupComplete.cmd

¤¤¤¤¤¤¤¤¤¤ # Drives

K:\-> [Removable] | [] | Total : 1.83 Go | Free : 1.73 Go -> FAT [USB]
I:\-> [Removable] | [] | Total : 7.43 Go | Free : 1.45 Go -> FAT32 [USB]
G:\-> [CDROM] | [930541668-1] | Total : 0.24 Go | Free : 0 Go -> CDFS [SATA]
F:\-> [Removable] | [carbide slim] | Total : 476.71 Go | Free : 153.46 Go -> NTFS [USB]
E:\-> [Removable] | [STYLO ESPIO] | Total : 3.69 Go | Free : 0 Go -> FAT32 [USB]
D:\-> [Fixed] | [Recovery Image] | Total : 13.06 Go | Free : 0.39 Go -> NTFS [SATA]
C:\-> [Fixed] | [OS] | Total : 916.98 Go | Free : 836.92 Go -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates

Next search : 2016-03-12 22:32:55
Microsoft : + Windows 8.1 not installed !!!

¤¤¤¤¤¤¤¤¤¤ # Sessions

C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\Jean-Marie

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore'
Restore the register (C:\Pre_Scan\Save\Registry [12.03.2016 @ 19_46_30])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers

IE : 10.0.9200.16384 (© Microsoft Corporation.)
OP : 35.0.2066.92 (Copyright Opera Software 2016)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

ActiveX : 20.0.0.267

¤¤¤¤¤¤¤¤¤¤ # Security

AV : Advanced SystemCare Ultimate Disabled
AS : Windows Defender Disabled
AM : Malwarebytes Anti-Malware (2.3.125.0) []
FW :

WMI : OK
WU: Windows Update Service [Auto(2)] = stopped
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes

1360 | [Owner : |Parent : 756] - (.IObit - StartMenu8 Services.) - (1.0.0.0) = C:\Program Files (x86)\IObit\Classic Start\SMService.exe
1608 | [Owner : Jean-Marie |Parent : 1600] - (.Microsoft Corporation - Explorateur Windows.) - (6.2.9200.16384) = C:\Windows\explorer.exe
1624 | [Owner : Jean-Marie |Parent : 1360] - (.IObit - .) - (2.4.0.2) = C:\Program Files (x86)\IObit\Classic Start\ClassicStart.exe
1684 | [Owner : Jean-Marie |Parent : 1608] - (.Microsoft Corporation - Chargeur CTF.) - (6.2.9200.16384) = C:\Windows\System32\ctfmon.exe
1912 | [Owner : |Parent : 1360] - (.IObit - .) - (2.0.0.0) = C:\Program Files (x86)\IObit\Classic Start\StartMenu_Hook.exe
2232 | [Owner : Jean-Marie |Parent : 1624] - (.IObit - StartMenu8 InstallServices.) - (2.0.0.11) = C:\Program Files (x86)\IObit\Classic Start\InstallServices.exe
2404 | [Owner : Jean-Marie |Parent : 2216] - (. - .) - (12.0.1.0) = C:\Program Files\RogueKiller\RogueKiller64.exe
2724 | [Owner : |Parent : 756] - (.Sunbelt Software - Sunbelt Software Anti Malware Service.) - (3.1.2416.0) = C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe
2556 | [Owner : Jean-Marie |Parent : 1788] - (.IObit - Advanced SystemCare Ultimate Tray.) - (9.5.0.2621) = C:\Program Files (x86)\IObit\Advanced SystemCare Ultimate\ASCTray.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : C:\Windows\system32\userinit.exe, -> C:\Windows\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot

Safeboot Keys are O.K
Alternate shell is OK !

¤
Repaired : [HKLM | Minimal\BasicDisplay.sys] : -> Service
Repaired : [HKLM | Minimal\BasicRender.sys] : -> Service
Repaired : [HKLM | Minimal\dxgkrnl.sys] : -> Service
Repaired : [HKLM | Minimal\FsDepends.sys] : -> Service
Repaired : [HKLM | Minimal\vga.sys] : -> Driver
Repaired : [HKLM | Minimal\vgasave.sys] : -> Driver

¤
Repaired : [HKLM | Network\vga.sys] : -> Driver
Repaired : [HKLM | Network\vgasave.sys] : -> Driver

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

¤¤¤¤¤¤¤¤¤¤ # Windows

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]~[] : @SYS:Software\Swearware\dump
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]~[] : @SYS:DoesNotExist
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

¤¤¤¤¤¤¤¤¤¤ # Services

Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry

Deleted : [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]~[VoodooShield] : C:\Program Files\VoodooShield\VoodooShield.exe
Moved to quarantine successfully : C:\Users\Jean-Marie\AppData\Local\TempradD0F71.tmp
Moved to quarantine successfully : I:\AntiLoggerFree_Setup_1.8.2.320.exe
Moved to quarantine successfully : I:\DiffView.exe
Moved to quarantine successfully : I:\downloader_for_camtasia.exe
Moved to quarantine successfully : I:\downloader_for_DTLiteInstaller.exe
Moved to quarantine successfully : I:\downloader_for_smart-defrag-setup.exe
Moved to quarantine successfully : I:\DTLiteInstaller_e87cbd264a2ca9b80cc9883b3e6f3aa9.exe
Moved to quarantine successfully : I:\Firefox Setup Stub 45.0.exe
Moved to quarantine successfully : I:\forceHide.exe
Moved to quarantine successfully : I:\IDriveWinSetup_fr-FR.exe
Moved to quarantine successfully : I:\InstallVoodooShield (1).exe
Moved to quarantine successfully : I:\InstallVoodooShield.exe
Moved to quarantine successfully : I:\LogAnalyzer.exe
Moved to quarantine successfully : I:\lws280.exe
Moved to quarantine successfully : I:\MBARW_Setup(1).exe
Moved to quarantine successfully : I:\MD5Look.exe
Moved to quarantine successfully : I:\MP3jamSetup.exe
Moved to quarantine successfully : I:\RogueKillerAdmin.exe
Moved to quarantine successfully : I:\RogueKillerCMDX64.exe
Moved to quarantine successfully : I:\RogueKillerCMDX64_beta.exe
Moved to quarantine successfully : I:\RogueKillerPE64.exe
Moved to quarantine successfully : I:\RogueKillerX64_beta.exe
Moved to quarantine successfully : I:\setup.exe
Moved to quarantine successfully : I:\TaskSTRun.exe
Moved to quarantine successfully : I:\VTUploader.exe
Moved to quarantine successfully : I:\WhyIGotInfected.exe
Moved to quarantine successfully : F:\AntiLoggerFree_Setup_1.8.2.320.exe
Moved to quarantine successfully : F:\DiffView.exe
Moved to quarantine successfully : F:\downloader_for_camtasia.exe
Moved to quarantine successfully : F:\downloader_for_DTLiteInstaller.exe
Moved to quarantine successfully : F:\downloader_for_smart-defrag-setup.exe
Moved to quarantine successfully : F:\DTLiteInstaller_e87cbd264a2ca9b80cc9883b3e6f3aa9.exe
Moved to quarantine successfully : F:\Firefox Setup Stub 45.0.exe
Moved to quarantine successfully : F:\forceHide.exe
Moved to quarantine successfully : F:\IDriveWinSetup_fr-FR.exe
Moved to quarantine successfully : F:\InstallVoodooShield (1).exe
Moved to quarantine successfully : F:\InstallVoodooShield.exe
Moved to quarantine successfully : F:\LogAnalyzer.exe
Moved to quarantine successfully : F:\lws280.exe
Moved to quarantine successfully : F:\MBARW_Setup(1).exe
Moved to quarantine successfully : F:\MD5Look.exe
Moved to quarantine successfully : F:\MP3jamSetup.exe
Moved to quarantine successfully : F:\RogueKillerAdmin.exe
Moved to quarantine successfully : F:\RogueKillerCMDX64.exe
Moved to quarantine successfully : F:\RogueKillerCMDX64_beta.exe
Moved to quarantine successfully : F:\RogueKillerPE64.exe
Moved to quarantine successfully : F:\RogueKillerX64_beta.exe
Moved to quarantine successfully : F:\setup.exe
Moved to quarantine successfully : F:\TaskSTRun.exe
Moved to quarantine successfully : F:\VTUploader.exe
Moved to quarantine successfully : F:\WhyIGotInfected.exe
Moved to quarantine successfully : I:\RestSharp.dll
Moved to quarantine successfully : F:\RestSharp.dll
Moved to quarantine successfully : I:\Any Data Recovery Pro.lnk
Moved to quarantine successfully : I:\Fix Genius.lnk
Moved to quarantine successfully : I:\IDrive.lnk
Moved to quarantine successfully : I:\RogueKiller.lnk
Moved to quarantine successfully : I:\RogueKillerPE.lnk
Moved to quarantine successfully : I:\Voodoo Shield.lnk
Moved to quarantine successfully : I:\Wise Force Deleter.lnk
Moved to quarantine successfully : I:\Wise Memory Optimizer.lnk
Moved to quarantine successfully : I:\Wise Program Uninstaller.lnk
Moved to quarantine successfully : F:\Any Data Recovery Pro.lnk
Moved to quarantine successfully : F:\Fix Genius.lnk
Moved to quarantine successfully : F:\IDrive.lnk
Moved to quarantine successfully : F:\RogueKiller.lnk
Moved to quarantine successfully : F:\RogueKillerPE.lnk
Moved to quarantine successfully : F:\Voodoo Shield.lnk
Moved to quarantine successfully : F:\Wise Force Deleter.lnk
Moved to quarantine successfully : F:\Wise Memory Optimizer.lnk
Moved to quarantine successfully : F:\Wise Program Uninstaller.lnk

¤¤¤¤¤¤¤¤¤¤ # ADS

Prefetch -> cleaned

D:\ : Vaccinated (Vaccin created by Pre_Scan)
E:\ : Vaccinated (Vaccin created by Pre_Scan)
I:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive E:] : Hidden : 1 | Restored : 1
~ [Program Files] : Hidden : 5 | Restored : 5
~ [Windows] : Hidden : 15 | Restored : 13
~ [AppData] : Hidden : 139 | Restored : 139

¤¤¤¤¤¤¤¤¤¤ # Drives

Disk: 0 Size=954G

Pos MBRndx Type/Name  Size  Active Hide Start Sector Sectors
--- ------ ---------- ----  ------ ---- ------------ ------------
0   0      EE-UNKNWN  21.0T No     No   1            294,967,295

¤¤¤¤¤¤¤¤¤¤

Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1

End : 22:01:25

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤