¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_20.07.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 20:56:41
Updated 20/07/2016 | 00.20 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[Jean-Marie (Administrator)] - [100P100_S_FIN]
SID = S-1-5-21-333624727-3628993747-300940260-1001
Boot: SafeMode with network
System : Windows 10 Home (64 bits) Core
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius

Memory
RAM = Total (MB) : 3748 | Free (MB) : 2734
Pagefile = Total (MB) : 4157 | Free (MB) : 3342
Virtual = Total (MB) : 4194 | Free (MB) : 4009

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

¤¤¤¤¤¤¤¤¤¤¤ # Drives
T:\-> [Removable] | [i de l'e-cew'tal a cgu a'suir] | Total : 57.64 Go | Free : 33.19 Go -> NTFS [USB]
S:\-> [Fixed] | [My Passport] | Total : 2794.49 Go | Free : 867.4 Go -> NTFS [USB]
R:\-> [Removable] | [NO NAME] | Total : 59.48 Go | Free : 17.61 Go -> FAT32 [USB]
N:\-> [CDROM] | [Verbatim] | Total : 0.01 Go | Free : 0 Go -> UDF [USB]
M:\-> [Removable] | [] | Total : 30.02 Go | Free : 2.03 Go -> FAT32 [USB]
L:\-> [Removable] | [FRAMAKEY SA] | Total : 28.78 Go | Free : 26.11 Go -> FAT32 [USB]
K:\-> [Removable] | [FramaLive] | Total : 14.41 Go | Free : 8.51 Go -> FAT32 [USB]
J:\-> [Removable] | [HITMANPRO] | Total : 1.86 Go | Free : 1.71 Go -> FAT32 [USB]
H:\-> [Removable] | [FRAMAKEY UB] | Total : 57.64 Go | Free : 51.43 Go -> FAT32 [USB]
E:\-> [Removable] | [] | Total : 3.67 Go | Free : 0.46 Go -> FAT32 [USB]
D:\-> [Fixed] | [Recovery Image] | Total : 13.06 Go | Free : 1.6 Go -> NTFS [SATA]
C:\-> [Fixed] | [OS] | Total : 916.54 Go | Free : 841.98 Go -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates
No detected update !!!
Microsoft : +

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\WINDOWS\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\Jean-Marie

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [02.08.2016 @ 20_34_18])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.10586.494 (© Microsoft Corporation.)
FF : 47.0.1.6018 (©Firefox and Mozilla Developers; available under the MPL 2 license.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 22.0.0.209

¤¤¤¤¤¤¤¤¤¤ # Security
AV : Ad-Aware Antivirus Disabled
AS : Windows Defender Enabled
FW : Ad-Aware Firewall Disabled
WMI : OK
WU: Windows Update Service [Auto(2)] = stopped
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
1368 | [Owner : |Parent : 640] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.9.10586.494) = C:\Program Files\Windows Defender\MsMpEng.exe
1936 | [Owner : SERVICE RÉSEAU |Parent : 1892] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.9.10586.494) = C:\Program Files\Windows Defender\MpCmdRun.exe
2212 | [Owner : Jean-Marie |Parent : 1012] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10586.0) = C:\Windows\System32\sihost.exe
2320 | [Owner : Jean-Marie |Parent : 2284] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10586.494) = C:\Windows\explorer.exe
2408 | [Owner : Jean-Marie |Parent : 2320] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.10586.0) = C:\Windows\System32\ctfmon.exe
2596 | [Owner : Jean-Marie |Parent : 724] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.10586.494) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
2640 | [Owner : Jean-Marie |Parent : 724] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10586.0) = C:\Windows\System32\RuntimeBroker.exe
2732 | [Owner : Jean-Marie |Parent : 724] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.10586.494) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1592 | [Owner : Jean-Marie |Parent : 724] - (.Microsoft Corporation - Aide et support Microsoft.) - (10.0.10586.494) = C:\Windows\HelpPane.exe
3188 | [Owner : Système |Parent : 592] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.10586.420) = C:\Windows\System32\fontdrvhost.exe
3264 | [Owner : Jean-Marie |Parent : 724] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10586.494) = C:\Windows\explorer.exe
3972 | [Owner : Jean-Marie |Parent : 3588] - (.Verbatim - Drive Protection.) - (2.6.4.1) = C:\Windows\Temp\SecurePro.exe
1356 | [Owner : Jean-Marie |Parent : 724] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10586.494) = C:\Windows\explorer.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Moved to quarantine successfully : S:\Firefox Setup Stub 47.0.1.exe
Moved to quarantine successfully : S:\Heimdal.SetupLauncher.exe
Moved to quarantine successfully : S:\Kickstarter.exe
Moved to quarantine successfully : S:\LiberKey_5.8.1129.exe
Moved to quarantine successfully : S:\Pre_Scan.exe
Moved to quarantine successfully : S:\quickdiag_2_28.07.2016.1.exe
Moved to quarantine successfully : S:\RogueKillerX64.exe
Moved to quarantine successfully : S:\RSIT.exe
Moved to quarantine successfully : S:\setup(1).exe
Moved to quarantine successfully : S:\setup.exe
Moved to quarantine successfully : S:\Win32DiskImager-0.9.5-install.exe
Moved to quarantine successfully : J:\Kickstarter.exe
Moved to quarantine successfully : S:\LiberKey.lnk
Moved to quarantine successfully : S:\Pre_Scan_Donate.lnk
Moved to quarantine successfully : S:\Pre_Scan_Restore.lnk

¤¤¤¤¤¤¤¤¤¤ # ADS
Prefetch -> cleaned
D:\ : Vaccinated (Vaccin created by Usbfix)
E:\ : Vaccinated (Vaccin created by Usbfix)
H:\ : Vaccinated (Vaccin created by Usbfix)
J:\ : Vaccinated (Vaccin created by Usbfix)
K:\ : Vaccinated (Vaccin created by Usbfix)
L:\ : Vaccinated (Vaccin created by Usbfix)
M:\ : Vaccinated (Vaccin created by Usbfix)
R:\ : Vaccinated (Vaccin created by Usbfix)
S:\ : Vaccinated (Vaccin created by Usbfix)

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive S:] : Hidden : 1 | Restored : 1
~ [Drive C:] : Hidden : 1 | Restored : 1
~ [Program Files] : Hidden : 6 | Restored : 6
~ [Pictures] : Hidden : 1 | Restored : 1
~ [Windows] : Hidden : 10 | Restored : 7
~ [AppData] : Hidden : 131 | Restored : 131

¤¤¤¤¤¤¤¤¤¤ # Drives
Disk: 0 Size=954G
Pos MBRndx Type/Name  Size  Active Hide Start Sector Sectors
--- ------ ---------- ----- ------ ---- ------------ ------------
0   0      EE-UNKNWN  21.0T No     No   1            294,967,295

¤¤¤¤¤¤¤¤¤¤
Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1

End : 00:26:47
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤