¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_02.11.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 19:53:58 11/25/2016
Updated 02/11/2016 | 19.05 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html
[Jules (Administrator)] - [PC-BOURHOVEN]
SID = S-1-5-21-874177302-4198731479-2183019305-1017
Boot: Normal boot
System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
ProcessorNameString : Intel(R) Core(TM) i7-2600 CPU @ 3.40GHz
Identifier : Intel64 Family 6 Model 42 Stepping 7
CoreTemp : -1 Celsius - Max : Celsius
Memory RAM = Total (MB) : 8371 | Free (MB) : 6747
Pagefile = Total (MB) : 17048 | Free (MB) : 15564
Virtual = Total (MB) : 4194 | Free (MB) : 3863
¤¤¤¤¤¤¤¤¤¤ # Components of starting up
¤¤¤¤¤¤¤¤¤¤¤ # Drives
E:\-> [CDROM] | [CD330A1] | Total : 0.01 Go | Free : 0 Go -> CDFS [ATAPI]
D:\-> [Fixed] | [DATA] | Total : 931.51 Go | Free : 502.86 Go -> NTFS [RAID]
C:\-> [Fixed] | [SYSTEM] | Total : 232.78 Go | Free : 106.68 Go -> NTFS (SSD) [RAID]
¤¤¤¤¤¤¤¤¤¤ # Windows updates
Last detection : 2016-11-25 11:57:48
Downloaded last ones : 2016-11-25 11:57:49
Installed last ones : 2016-11-25 11:57:30
Next search : 2016-11-26 07:43:13
Microsoft : -
¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\PC
C:\Users\Margaux.PC-BOURHOVEN
C:\Users\mugiwaraXD
C:\Users\Juju
C:\Users\Jules
Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [25.11.2016 @ 19_52_58])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore
¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.9600.18523 (© Microsoft Corporation.)
GC : 54.0.2840.99 (Copyright 2016 Google Inc.)
¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 11.7.700.202
Plugin : 11.7.700.169
¤¤¤¤¤¤¤¤¤¤ # Security
AV :
AS : Windows Defender Disabled
AM : Malwarebytes Anti-Malware (2.3.55.0) [2013.05.28.01]
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running
¤¤¤¤¤¤¤¤¤¤ # Stopped processes
1016 | [Owner : |Parent : 780] - (.IObit - Advanced SystemCare Service.) - (10.0.2.81) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
716 | [Owner : |Parent : 780] - (.AMD - AMD External Events Service Module.) - (6.14.11.1164) = C:\Windows\System32\atiesrxx.exe
1792 | [Owner : |Parent : 780] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
1920 | [Owner : Système |Parent : 780] - (.Apple Inc. - MobileDeviceService.) - (17.374.70.8) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1952 | [Owner : Système |Parent : 780] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe
1980 | [Owner : Système |Parent : 780] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.7571.1306) = C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
1240 | [Owner : Système |Parent : 780] - (. - Inkjet Printer/Scanner/Fax Extended Survey Program Service.) - (4.1.0.0) = C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
2020 | [Owner : Système |Parent : 780] - (.Hewlett-Packard Company - LightScribe Service.) - (1.18.18.1) = C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2132 | [Owner : Système |Parent : 780] - (.LogMeIn, Inc. - LMIGuardianSvc.) - (10.1.0.1742) = C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
2236 | [Owner : Système |Parent : 780] - (.NVIDIA Corporation - NVIDIA Container.)
- (1.1.2136.1721) = C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
2280 | [Owner : Système |Parent : 780] - (.NVIDIA Corporation - NVIDIA Container.) - (1.0.0.0) = C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
2328 | [Owner : Système |Parent : 780] - (.NVIDIA Corporation - NVIDIA Wireless Controller Service.) - (3.0.7.34) = C:\Program Files\NVIDIA Corporation\GeForce Experience Service\nvwirelesscontroller.exe
2436 | [Owner : Système |Parent : 780] - (. - .) - (0.0.0.0) = C:\Windows\SysWOW64\PnkBstrA.exe
2464 | [Owner : Système |Parent : 780] - (. - Reason Core Security Bundle Protection.) - (1.0.1.0) = C:\Program Files\Reason\Security\Protection\rscp\bin\rscp_svc.exe
2492 | [Owner : Système |Parent : 780] - (.Reason Software Company Inc. - Reason Core Security Engine Service.) - (1.1.2.0) = C:\Program Files\Reason\Security\rsEngineSvc.exe
2272 | [Owner : Système |Parent : 780] - (.Microsoft Corporation - Microsoft Application Virtualization Virtual Service Agent.) - (4.6.3.25281) = C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
3124 | [Owner : Système |Parent : 780] - (.Microsoft Corporation - Microsoft® Windows Live ID Service.) - (6.500.3165.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
3376 | [Owner : Système |Parent : 780] - (.Microsoft Corporation - Microsoft Application Virtualization Client Service.) - (4.6.3.25281) = C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
3456 | [Owner : Système |Parent : 780] - (.Microsoft Corporation - Microsoft Office Client Virtualization Service .) - (14.0.7147.5000) = C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
4144 | [Owner : Système |Parent : 5112] - (.Google Inc. - Google Crash Handler.) - (1.3.31.5) = C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler.exe
4248 | [Owner : Système |Parent : 5112] - (.Google Inc.
- Google Crash Handler.) - (1.3.31.5) = C:\Program Files (x86)\Google\Update\1.3.31.5\GoogleCrashHandler64.exe
5820 | [Owner : Système |Parent : 780] - (.Apple Inc. - iPodService Module (64-bit).) - (12.5.1.21) = C:\Program Files\iPod\bin\iPodService.exe
6176 | [Owner : SERVICE RÉSEAU |Parent : 780] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
2984 | [Owner : Système |Parent : 780] - (.Intel Corporation - Local Manageability Service.) - (7.0.0.1135) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
5376 | [Owner : Système |Parent : 780] - (.Intel Corporation - User Notification Service.) - (7.0.0.1135) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
4604 | [Owner : Système |Parent : 2280] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.7563) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
3016 | [Owner : Système |Parent : 716] - (.AMD - AMD External Events Client Module.) - (6.14.11.1164) = C:\Windows\System32\atieclxx.exe
5100 | [Owner : Jules |Parent : 780] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
4472 | [Owner : Jules |Parent : 4356] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.23537) = C:\Windows\explorer.exe
5572 | [Owner : Jules |Parent : 1264] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
6100 | [Owner : Jules |Parent : 5572] - (.IObit - Performance Monitor.) - (10.0.4.1294) = C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
2380 | [Owner : Jules |Parent : 4472] - (.Apple Inc. - iTunesHelper.) - (12.5.1.21) = D:\Program Files\iTunes\iTunesHelper.exe
2960 | [Owner : Jules |Parent : 4472] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.)
- (1.0.0.1023) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1800 | [Owner : Jules |Parent : 4472] - (.Skype Technologies S.A. - Skype .) - (7.0.0.102) = C:\Program Files (x86)\Skype\Phone\Skype.exe
2996 | [Owner : Jules |Parent : 4472] - (.Microsoft Corporation - Gadgets du Bureau Windows.) - (6.1.7601.17514) = C:\Program Files\Windows Sidebar\sidebar.exe
7084 | [Owner : Jules |Parent : 4472] - (.Wargaming.net - World of Tanks Game Updater.) - (0.3.24.140) = D:\Games\World_of_Tanks\WargamingGameUpdater.exe
6452 | [Owner : Jules |Parent : 4472] - (.IObit - Advanced SystemCare 10.) - (10.0.1.3052) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
6620 | [Owner : Jules |Parent : 4472] - (.Curse, Inc - Curse.) - (7.1.6164.2253) = C:\Users\Jules\AppData\Roaming\Curse Client\Bin\Curse.exe
1968 | [Owner : Jules |Parent : 3092] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.111.14) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3060 | [Owner : Jules |Parent : 4604] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.7563) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
5288 | [Owner : Jules |Parent : 6620] - (.Curse, Inc. - Curse.) - (0.36.7.0) = C:\Users\Jules\AppData\Roaming\Curse Client\Bin\Electron\CurseUI.exe
5644 | [Owner : Jules |Parent : 5288] - (.Curse, Inc. - Curse.) - (0.36.7.0) = C:\Users\Jules\AppData\Roaming\Curse Client\Bin\Electron\CurseUI.exe
4536 | [Owner : Jules |Parent : 5288] - (.Curse, Inc. - Curse.) - (0.36.7.0) = C:\Users\Jules\AppData\Roaming\Curse Client\Bin\Electron\CurseUI.exe
3604 | [Owner : Jules |Parent : 1264] - (.Microsoft Corporation - Windows Update.) - (7.6.7601.23453) = C:\Windows\System32\wuauclt.exe
2652 | [Owner : Jules |Parent : 5572] - (.SuperBoost Software - .) - (3.1.0.151) = C:\Program Files (x86)\SuperBoost\Superb Game Boost\SuperbGameBoostMain.exe
4500 | [Owner : Jules |Parent : 3884] - (.Google Inc. - Google Chrome.)
- (54.0.2840.71) = C:\Program Files (x86)\Cuppat\Application\chrome.exe
6124 | [Owner : Jules |Parent : 4500] - (.Google Inc. - Google Chrome.) - (54.0.2840.71) = C:\Program Files (x86)\Cuppat\Application\chrome.exe
3204 | [Owner : Jules |Parent : 780] - (.Microsoft Corporation - Serveur de personnalisation d’entrée.) - (6.1.7600.16385) = C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
5968 | [Owner : Système |Parent : 780] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe
¤¤¤¤¤¤¤¤¤¤ # Winlogon user
¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : C:\Windows\system32\userinit.exe, -> C:\Windows\SYSWOW64\userinit.exe,
¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !
Safeboot Minimal Subkeys : O.K !
Safeboot Network Subkeys : O.K !
¤¤¤¤¤¤¤¤¤¤ # IFEO
¤¤¤¤¤¤¤¤¤¤ # Mountpoints2
¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]~[] : @SYS:Software\Swearware\dump
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
¤¤¤¤¤¤¤¤¤¤ # Security center
Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\Windows\System32\ActionCenter.dll
¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : 3 -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired :
[HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Iphlpsvc]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2
¤¤¤¤¤¤¤¤¤¤ # Internet Explorer
¤¤¤¤¤¤¤¤¤¤ # reparsepoint
¤¤¤¤¤¤¤¤¤¤ # Offsets
¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-874177302-4198731479-2183019305-1000\$I4NZ8LU.dll
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-874177302-4198731479-2183019305-1000\$IZ6ORRD.dll
Deleted : HKU\S-1-5-18\Software\xvb`lj
Deleted : HKLM\Software\ompndb
Deleted : HKLM\Software\plaync
Deleted : HKLM\Software\xvb`lj
Deleted : HKLM\Software\WOW6432Node\ompndb
Deleted : HKLM\Software\WOW6432Node\sumo digital
Deleted : HKLM\Software\WOW6432Node\xvb`lj
Moved to quarantine successfully : C:\Windows\system32\System32
Moved to quarantine successfully : D:\7DTD_Alpha1_win32.exe
Moved to quarantine successfully : D:\GlyphInstall.exe
Moved to quarantine successfully : D:\HiPatchInstHelper.exe
Moved to quarantine successfully : D:\HiPatchSelfUpdateWindow.exe
Moved to quarantine successfully : D:\HiPatchService.exe
Moved to quarantine successfully : D:\HirezGameNotifier.exe
Moved to quarantine successfully : D:\HiRezLauncherUI.exe
Moved to quarantine successfully : D:\Rar.exe
Moved to quarantine successfully : D:\TorchSetup.exe
Moved to quarantine successfully : D:\Uninstall
Slendytubbies.exe
Moved to quarantine successfully : D:\UnRAR.exe
Moved to quarantine successfully : D:\rarnew.dat
Moved to quarantine successfully : D:\zipnew.dat
Moved to quarantine successfully : D:\adminserver.dll
Moved to quarantine successfully : D:\Awesomium.dll
Moved to quarantine successfully : D:\Awesomium.Mono.dll
Moved to quarantine successfully : D:\binkw32.dll
Moved to quarantine successfully : D:\bsppack.dll
Moved to quarantine successfully : D:\bugreporter.dll
Moved to quarantine successfully : D:\bugreporter_public.dll
Moved to quarantine successfully : D:\crashhandler.dll
Moved to quarantine successfully : D:\datacache.dll
Moved to quarantine successfully : D:\dedicated.dll
Moved to quarantine successfully : D:\gameui.dll
Moved to quarantine successfully : D:\HiRezLauncherControls.dll
Moved to quarantine successfully : D:\HirezUtils.dll
Moved to quarantine successfully : D:\ICSharpCode.SharpZipLib.dll
Moved to quarantine successfully : D:\icudt42.dll
Moved to quarantine successfully : D:\install.res.2052.dll
Moved to quarantine successfully : D:\install.res.3082.dll
Moved to quarantine successfully : D:\launcher.dll
Moved to quarantine successfully : D:\libcef.dll
Moved to quarantine successfully : D:\mdllib.dll
Moved to quarantine successfully : D:\mss32.dll
Moved to quarantine successfully : D:\NPSWF32.dll
Moved to quarantine successfully : D:\parsifal.dll
Moved to quarantine successfully : D:\PatcherData.dll
Moved to quarantine successfully : D:\PatcherEngine.dll
Moved to quarantine successfully : D:\PatcherMisc.dll
Moved to quarantine successfully : D:\RarExt.dll
Moved to quarantine successfully : D:\RarExt64.dll
Moved to quarantine successfully : D:\rdmwin32.dll
Moved to quarantine successfully : D:\scenefilecache.dll
Moved to quarantine successfully : D:\serverbrowser.dll
Moved to quarantine successfully : D:\serverplugin_empty.dll
Moved to quarantine successfully : D:\shaderapidx10.dll
Moved to quarantine successfully : D:\shaderapidx9.dll
Moved to quarantine successfully : D:\shaderapiempty.dll
Moved to quarantine successfully : D:\stdshader_dbg.dll
Moved to quarantine successfully : D:\stdshader_dx9.dll
Moved to quarantine successfully : D:\tier0.dll
Moved to quarantine successfully : D:\tier0_s.dll
Moved to quarantine successfully : D:\unicode.dll
Moved to quarantine successfully : D:\unicows.dll
Moved to quarantine successfully : D:\unitlib.dll
Moved to quarantine successfully : D:\vgui2.dll
Moved to quarantine successfully : D:\vphysics.dll
Moved to quarantine successfully : D:\vscript.dll
Moved to quarantine successfully : D:\vstdlib.dll
Moved to quarantine successfully : D:\vtex_dll.dll
Moved to quarantine successfully : D:\xinput1_3.dll
Moved to quarantine successfully : D:\Manuel 4 eme - Raccourci.lnk
Moved to quarantine successfully : C:\STF2A5E.tmp
Moved to quarantine successfully : C:\STF2B22.tmp
Moved to quarantine successfully : C:\STF5B62.tmp
Moved to quarantine successfully : C:\STF6638.tmp
Moved to quarantine successfully : C:\STF744C.tmp
Moved to quarantine successfully : C:\STF8183.tmp
Moved to quarantine successfully : C:\STFA56C.tmp
Moved to quarantine successfully : C:\STFA62.tmp
Moved to quarantine successfully : C:\STFB15.tmp
Moved to quarantine successfully : C:\STFBEF9.tmp
Moved to quarantine successfully : C:\STFEFF1.tmp
Moved to quarantine successfully : C:\STFFD3E.tmp
Moved to quarantine successfully : D:\DUMP22bc.tmp
Moved to quarantine successfully : C:\temp206.bat
Moved to quarantine successfully : C:\temp993.bat
Moved to quarantine successfully : D:\open-for-update-patch.bat
Moved to quarantine successfully : C:\ProgramData\RELOADED
¤¤¤¤¤¤¤¤¤¤ # ADS
Prefetch -> cleaned
D:\ : Vaccinated (Vaccin created by Pre_Scan)
¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive D:] : Hidden : 1135 | Restored : 1134
~ [Drive C:] : Hidden : 3 | Restored : 3
~ [Program Files] : Hidden : 19 | Restored : 19
~ [Documents] : Hidden : 1 | Restored : 1
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] :
Hidden : 38 | Restored : 38
~ [AppData] : Hidden : 18 | Restored : 18
¤¤¤¤¤¤¤¤¤¤ # Drives
Disk: 0 Size=954G
Pos MBRndx Type/Name  Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
  0      0 07-NTFS    954G     No   No        2,048  953,515,520
End : 20:09:09
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤