¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_20.07.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 13:54:40
Updated 20/07/2016 | 00.20 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[Dr CARRIBON (Administrator)] - [DRCARRIBON-PC]
SID = S-1-5-21-1519099712-2411528038-34804761-1000
Boot: Normal boot
System : Windows 7 Starter (32 bits) Starter Service Pack 1
ProcessorNameString : Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Identifier : x86 Family 6 Model 28 Stepping 10
CoreTemp : 54 Celsius - Max : 100 Celsius
Memory RAM = Total (MB) : 1037 | Free (MB) : 361
Pagefile = Total (MB) : 3582 | Free (MB) : 2114
Virtual = Total (MB) : 2097 | Free (MB) : 1951

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

¤¤¤¤¤¤¤¤¤¤¤ # Drives
P:\-> [Removable] | [sdhc 64] | Total : 59.49 Go | Free : 35.84 Go -> exFAT [USB]
N:\-> [CDROM] | [SFR] | Total : 0.07 Go | Free : 0 Go -> CDFS [USB]
M:\-> [Removable] | [FRAMAKEY SA] | Total : 28.78 Go | Free : 13.1 Go -> FAT32 [USB]
L:\-> [Fixed] | [ZALMAN VE-350] | Total : 931.06 Go | Free : 772.9 Go -> NTFS [USB]
J:\-> [Fixed] | [WD My Passport 3To] | Total : 2794.49 Go | Free : 319.68 Go -> NTFS [USB]
I:\-> [Removable] | [HITMANPRO] | Total : 57.55 Go | Free : 45.15 Go -> FAT32 [USB]
G:\-> [Fixed] | [power2go 11 & AD-AWARE SETUPS] | Total : 3.91 Go | Free : 3.81 Go -> NTFS [ATA]
F:\-> [Fixed] | [prog files rebit & dt pro 7] | Total : 2.98 Go | Free : 2.71 Go -> NTFS [ATA]
E:\-> [Fixed] | [program files power2go 11] | Total : 4.04 Go | Free : 3.84 Go -> NTFS [ATA]
D:\-> [Fixed] | [SYSTEM & ANDROID] | Total : 4.1 Go | Free : 1.65 Go -> NTFS [ATA]
C:\-> [Fixed] | [Acer] | Total : 204.85 Go | Free : 143.39 Go -> NTFS [ATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates
Last detection : 2016-09-23 01:00:01
Downloaded last ones : 2016-09-26 18:49:21
Installed last ones : 2016-09-27 05:40:53
Next search : 2016-09-27 06:40:38
Microsoft : +

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\Dr CARRIBON

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore'
Restore the register (C:\Pre_Scan\Save\Registry [27.09.2016 @ 13_32_53])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 8.0.7601.17514 (© Microsoft Corporation. Tous droits réservés.)
FF : 49.0.1.6109 (©Firefox and Mozilla Developers; available under the MPL 2 license.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 23.0.0.162

¤¤¤¤¤¤¤¤¤¤ # Security
AV :
AS : Windows Defender Disabled
FW : Ad-Aware Firewall Disabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Disabled(4)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
1820 | [Owner : |Parent : 632] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe
236 | [Owner : Système |Parent : 520] - (.Microsoft Corporation - Windows Logon User Interface Host.) - (6.1.7601.17514) = C:\Windows\System32\LogonUI.exe
3396 | [Owner : Dr CARRIBON |Parent : 5752] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17514) = C:\Windows\explorer.exe
4428 | [Owner : Dr CARRIBON |Parent : 3396] - (.Zemana Ltd. - ZAM.) - (0.0.0.0) = C:\Program Files\Zemana AntiLogger\ZAM.exe
2348 | [Owner : Dr CARRIBON |Parent : 3396] - (. - .) - (0.0.0.0) = C:\UsbFix\UsbFix.exe
2812 | [Owner : Dr CARRIBON |Parent : 3396] - (. - .) - (0.0.0.0) = C:\Program Files\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe
5396 | [Owner : Dr CARRIBON |Parent : 1044] - (.Microsoft Corporation - Windows Update.) - (7.6.7600.320) = C:\Windows\System32\wuauclt.exe
4104 | [Owner : Système |Parent : 632] - (.Rebit - Rebit 5 Backup Service.) - (5.0.1038.13991) = C:\Program Files\Rebit 5\Rebit-5-Svc.exe
3532 | [Owner : SERVICE RÉSEAU |Parent : 632] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (6.1.7601.17514) = C:\Windows\System32\sppsvc.exe
2856 | [Owner : Dr CARRIBON |Parent : 2348] - (.Microsoft Corporation - Internet Explorer.) - (8.0.7601.17514) = C:\Program Files\Internet Explorer\iexplore.exe
1208 | [Owner : Dr CARRIBON |Parent : 2856] - (.Microsoft Corporation - Internet Explorer.) - (8.0.7601.17514) = C:\Program Files\Internet Explorer\iexplore.exe
5684 | [Owner : Dr CARRIBON |Parent : 1876] - (. - .) - (11.12.945.9202) = C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : C:\Windows\system32\userinit.exe -> C:\Windows\System32\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !
Safeboot Minimal Subkeys : O.K !
Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2
Content of J:\autorun.inf :
[Autorun]
open=setup.exe
icon=setup.exe,0

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]~[EnableFirewall] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\DnsCache]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 4 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Moved to quarantine successfully : J:\Start.exe
Moved to quarantine successfully : I:\Kickstarter.exe
Moved to quarantine successfully : G:\Adaware_Installer.exe
Moved to quarantine successfully : C:\repairs_running.dat
Moved to quarantine successfully : C:\repair_starting.dat
Moved to quarantine successfully : J:\key.ico
Moved to quarantine successfully : J:\SuperMulti.ico
Moved to quarantine successfully : C:\Users\Dr CARRIBON\AppData\Roaming\UpdateStar

¤¤¤¤¤¤¤¤¤¤ # ADS
Prefetch -> cleaned
D:\ : Vaccinated (Vaccin created by Pre_Scan)
E:\ : Vaccinated (Vaccin created by Pre_Scan)
F:\ : Vaccinated (Vaccin created by Pre_Scan)
G:\ : Vaccinated (Vaccin created by Pre_Scan)
J:\AutoRun.inf : Deleted
J:\ : Vaccinated (Vaccin created by Pre_Scan)
L:\ : Vaccinated (Vaccin created by Pre_Scan)
P:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive D:] : Hidden : 9 | Restored : 8
~ [Drive E:] : Hidden : 1 | Restored : 1