¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_13.07.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 09:16:10 07/25/2017

Updated 13/07/2017 | 18.30 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[Jean-Marie (Administrator)] - [LFS_HYPER]
SID = S-1-5-21-492477587-735446454-3147982820-1001
Boot: SafeMode with network
System : Windows 8 (64 bits) Core
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius
Memory RAM = Total (MB) : 3748 | Free (MB) : 3225
Pagefile = Total (MB) : 4157 | Free (MB) : 3679
Virtual = Total (MB) : 4194 | Free (MB) : 4015

¤¤¤¤¤¤¤¤¤¤ # Components of starting up
C:\Windows\Setup\Scripts\SetupComplete.cmd

¤¤¤¤¤¤¤¤¤¤¤ # Drives
W:\-> [Removable] | [YUMI SARDU] | Total : 14.31 Go | Free : 0 Go -> FAT32 [USB]
Q:\-> [Removable] | [WIN10 IOT C] | Total : 28.96 Go | Free : 28.95 Go -> FAT32 [USB]
P:\-> [Removable] | [TRANSCEND] | Total : 0.24 Go | Free : 0.02 Go -> FAT [USB]
O:\-> [CDROM] | [Verbatim] | Total : 0.01 Go | Free : 0 Go -> UDF [USB]
N:\-> [Removable] | [FRAMA ASSO] | Total : 2.92 Go | Free : 0.09 Go -> FAT32 [USB]
L:\-> [Removable] | [WINUSB W10] | Total : 3.69 Go | Free : 0.36 Go -> exFAT [USB]
K:\-> [Removable] | [MEMTEST86] | Total : 0.05 Go | Free : 0.04 Go -> FAT [USB]
J:\-> [Removable] | [RASPBIAN] | Total : 0.04 Go | Free : 0.02 Go -> FAT32 [USB]
H:\-> [Removable] | [reset pass] | Total : 476.7 Go | Free : 476.7 Go -> exFAT [USB]
F:\-> [Removable] | [SFCE XFCE] | Total : 119.47 Go | Free : 0 Go -> FAT32 [USB]
D:\-> [Fixed] | [Recovery Image] | Total : 13.06 Go | Free : 1.61 Go -> NTFS [SATA]
C:\-> [Fixed] | [OS] | Total : 916.98 Go | Free : 892.96 Go -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates
Next search : 2017-07-25 06:58:09
Windows 8.1 not installed !!!

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\Jean-Marie

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [25.07.2017 @ 09_14_37])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 10.0.9200.16384 (© Microsoft Corporation.)
GC : 22.0.1229.95 (Copyright (C) 2006-2010 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 11.3.372.94

¤¤¤¤¤¤¤¤¤¤ # Security
AV : Norton Internet Security Enabled
AS : Norton Internet Security Enabled
FW : Norton Internet Security Enabled
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
1256 | [Owner : Jean-Marie |Parent : 1248] - (.Microsoft Corporation - Explorateur Windows.) - (6.2.9200.16384) = C:\Windows\explorer.exe
1300 | [Owner : Jean-Marie |Parent : 1256] - (.Microsoft Corporation - Chargeur CTF.) - (6.2.9200.16384) = C:\Windows\System32\ctfmon.exe
1932 | [Owner : Jean-Marie |Parent : 1256] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : userinit.exe -> C:\Windows\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !

Repaired : [HKLM | Minimal\BasicDisplay.sys] : Driver -> Service
Repaired : [HKLM | Minimal\BasicRender.sys] : Driver -> Service
Repaired : [HKLM | Minimal\dxgkrnl.sys] : Driver -> Service
Repaired : [HKLM | Minimal\FsDepends.sys] : Driver -> Service
Repaired : [HKLM | Minimal\vga.sys] : -> Driver
Repaired : [HKLM | Minimal\vgasave.sys] : -> Driver

Repaired : [HKLM | Network\vga.sys] : -> Driver
Repaired : [HKLM | Network\vgasave.sys] : -> Driver

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2
Content of W:\autorun.inf :
Content of Q:\AUTORUN.INF :
Content of P:\AUTORUN.INF :
Content of J:\AUTORUN.INF :

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center
Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\Windows\System32\ActionCenter.dll

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 0 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Deleted : HKU\S-1-5-21-492477587-735446454-3147982820-1001\Software\msaver
Moved to quarantine successfully : C:\Windows\Tasks\RunAtStartup.job
Moved to quarantine successfully : C:\Users\Jean-Marie\AppData\Local\yahlunk.dll
Moved to quarantine successfully : W:\StartCodySafe.exe
Moved to quarantine successfully : Q:\install.exe
Moved to quarantine successfully : P:\cfw_installer_6106_53.exe
Moved to quarantine successfully : P:\cispremium_installer.exe
Moved to quarantine successfully : P:\dragonsetup.exe
Moved to quarantine successfully : P:\cptsetup.exe
Moved to quarantine successfully : P:\icedragonsetup.exe
Moved to quarantine successfully : N:\SkinPacks_0568074478.exe
Moved to quarantine successfully : F:\start commandline scanner.exe
Moved to quarantine successfully : F:\start emergency kit scanner.exe
Moved to quarantine successfully : Q:\install.res.2052.dll
Moved to quarantine successfully : Q:\install.res.3082.dll
Moved to quarantine successfully : F:\Remove_LiLi.bat
Moved to quarantine successfully : C:\Users\Jean-Marie\AppData\Roaming\Interstatnogui
Moved to quarantine successfully : C:\Windows\1

¤¤¤¤¤¤¤¤¤¤ # ADS

Prefetch -> cleaned

D:\ : Vaccinated (Vaccin created by Pre_Scan)
F:\ : Vaccinated (Vaccin created by Pre_Scan)
H:\ : Vaccinated (Vaccin created by Usbfix)
K:\ : Vaccinated (Vaccin created by Pre_Scan)
L:\ : Vaccinated (Vaccin created by Pre_Scan)
N:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive D:] : Hidden : 12 | Restored : 12
~ [Drive F:] : Hidden : 1 | Restored : 1
~ [Drive C:] : Hidden : 5 | Restored : 5
~ [Program Files] : Hidden : 22 | Restored : 22
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 5 | Restored : 5
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 25 | Restored : 23
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 176 | Restored : 176

¤¤¤¤¤¤¤¤¤¤ # Drives
Disk: 0 Size=954G
Pos MBRndx Type/Name  Size  Active Hide Start Sector Sectors
--- ------ ---------- ----  ------ ---- ------------ ------------
0   0      EE-UNKNWN  21.0T No     No   1            294,967,295

End : 10:11:21
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 228