¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_28.03.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 16:47:52

Updated 28/03/2016 | 15.40 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[Jean-Marie (Administrator)] - [LFS_ULTRA]
SID = S-1-5-21-4261453527-2494187915-1683905538-1001
Boot: Normal boot
System : Windows 10 Home (64 bits) Core
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius
Memory RAM = Total (MB) : 3748 | Free (MB) : 1908
Pagefile = Total (MB) : 4010 | Free (MB) : 1686
Virtual = Total (MB) : 4194 | Free (MB) : 3979

¤¤¤¤¤¤¤¤¤¤ # Components of starting up ¤¤¤¤¤¤¤¤¤¤¤

# Drives
L:\-> [Removable] | [emsisoft emergency kit usb] | Total : 15.01 Go | Free : 12.74 Go -> NTFS [USB]
K:\-> [Removable] | [STYLO ESPIO] | Total : 3.69 Go | Free : 3.07 Go -> FAT32 [USB]
J:\-> [Removable] | [carbide slim] | Total : 476.71 Go | Free : 122 Go -> NTFS [USB]
H:\-> [Fixed] | [my disk] | Total : 931.48 Go | Free : 453.34 Go -> NTFS [USB]
F:\-> [CDROM] | [roguekiller&webc] | Total : 0.79 Go | Free : 0 Go -> UDF [SATA]
D:\-> [Fixed] | [Recovery Image] | Total : 13.06 Go | Free : 1.6 Go -> NTFS [SATA]
C:\-> [Fixed] | [OS] | Total : 916.54 Go | Free : 841 Go -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates
No detected update !!!
Microsoft : +

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\WINDOWS\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\Jean-Marie

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore'
Restore the register (C:\Pre_Scan\Save\Registry [02.04.2016 @ 16_00_16])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.10586.20 (© Microsoft Corporation.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 21.0.0.182

¤¤¤¤¤¤¤¤¤¤ # Security
AV : Windows Defender Disabled
AS : Emsisoft Anti-Malware Disabled
AM : Malwarebytes Anti-Malware (2.3.173.0) []
FW : COMODO Firewall Enabled
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
5452 | [Owner : Jean-Marie |Parent : 548] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10586.0) = C:\Windows\System32\sihost.exe
6408 | [Owner : Jean-Marie |Parent : 816] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10586.104) = C:\Windows\explorer.exe
5484 | [Owner : |Parent : 848] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.10586.122) = C:\Windows\System32\spoolsv.exe
8268 | [Owner : SERVICE LOCAL |Parent : 1112] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.10586.0) = C:\Windows\System32\dasHost.exe
8864 | [Owner : SERVICE LOCAL |Parent : 1112] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.10586.0) = C:\Windows\System32\WUDFHost.exe
8064 | [Owner : Jean-Marie |Parent : 948] - (. - .) - (10.1.2123.10) = C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
8180 | [Owner : SERVICE LOCAL |Parent : 1112] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.10586.0) = C:\Windows\System32\dasHost.exe
8624 | [Owner : Jean-Marie |Parent : 848] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe
5228 | [Owner : Jean-Marie |Parent : 948] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10586.0) = C:\Windows\System32\RuntimeBroker.exe
6924 | [Owner : LogonSessionId_0_135230274 |Parent : 848] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.10586.0) = C:\Windows\System32\SearchIndexer.exe
1928 | [Owner : Jean-Marie |Parent : 948] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.10586.122) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
5268 | [Owner : Jean-Marie |Parent : 948] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.10586.63) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
6352 | [Owner : LogonSessionId_0_135280632 |Parent : 848] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.10586.162) = C:\Program Files\Windows Media Player\wmpnetwk.exe
4468 | [Owner : Jean-Marie |Parent : 6408] - (.Paragon Software Group - A part of Paragon System Utilities.) - (10.1.25.813) = C:\Program Files\Paragon Software\Migrate OS to SSD 4.0\program\migrateos.exe
7432 | [Owner : Jean-Marie |Parent : 6408] - (.Comodo Inc. - IceDragon.) - (44.0.0.5911) = C:\Program Files (x86)\Comodo\IceDragon\icedragon.exe
6368 | [Owner : Système |Parent : 548] - (.Microsoft Corporation - Interface utilisateur de consentement pour des applications administratives.) - (10.0.10586.0) = C:\Windows\System32\consent.exe
3164 | [Owner : Système |Parent : 6924] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.10586.0) = C:\Windows\System32\SearchFilterHost.exe
7100 | [Owner : SERVICE LOCAL |Parent : 500] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.9.10586.0) = C:\Program Files\Windows Defender\MpCmdRun.exe
6836 | [Owner : SERVICE LOCAL |Parent : 7100] - (.Microsoft Corporation - Console Window Host.) - (10.0.10586.0) = C:\Windows\System32\conhost.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : C:\WINDOWS\system32\userinit.exe, -> C:\WINDOWS\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 0 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Deleted : HKU\S-1-5-18\Software\Locky
Deleted : HKU\S-1-5-21-4261453527-2494187915-1683905538-1001_Classes\Software\Locky
Deleted : HKU\S-1-5-21-4261453527-2494187915-1683905538-1001\Software\Locky
Deleted : HKU\S-1-5-20\Software\Locky
Deleted : HKU\S-1-5-19\Software\Locky
Deleted : [HKU\S-1-5-21-4261453527-2494187915-1683905538-1001\Software\Microsoft\Windows\CurrentVersion\Run]~[DAEMON Tools Pro Agent] : "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
Deleted : [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]~[iSkysoft Helper Compact.exe] : C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
Deleted : [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]~[Wondershare Helper Compact.exe] : C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Moved to quarantine successfully : J:\disk-defrag-touch-setup.exe
Moved to quarantine successfully : H:\advanced-systemcare-setup.exe
Moved to quarantine successfully : H:\asosetup.exe
Moved to quarantine successfully : H:\defragsetup-pro.exe
Moved to quarantine successfully : H:\disk-defrag-touch-setup.exe
Moved to quarantine successfully : H:\filmora_setup_full1084.exe
Moved to quarantine successfully : H:\free-youtube-downloader_setup_full1378.exe
Moved to quarantine successfully : H:\ProductKeyFinder64.exe
Moved to quarantine successfully : H:\RevoUninProSetup.exe
Moved to quarantine successfully : H:\watermark-software.exe

¤¤¤¤¤¤¤¤¤¤ # ADS
Prefetch -> cleaned
D:\ : Vaccinated (Vaccin created by Pre_Scan)
H:\ : Vaccinated (Vaccin created by Pre_Scan)
J:\ : Impossible to vaccinate
K:\ : Vaccinated (Vaccin created by Pre_Scan)
L:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive D:] : Hidden : 6 | Restored : 6
~ [Drive H:] : Hidden : 8 | Restored : 8
~ [Drive C:] : Hidden : 1 | Restored : 1
~ [Program Files] : Hidden : 4 | Restored : 4
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 6 | Restored : 6
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 48 | Restored : 45
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 143 | Restored : 143

¤¤¤¤¤¤¤¤¤¤ # Drives
Disk: 0 Size=954G
Pos  MBRndx  Type/Name   Size   Active  Hide  Start Sector  Sectors
---  ------  ----------  ----   ------  ----  ------------  ------------
0    0       EE-UNKNWN   21.0T  No      No    1             294,967,295

¤¤¤¤¤¤¤¤¤¤
Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : -> 1

End : 09:03:30

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 220