¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_28.03.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 21:01:41
Updated 28/03/2016 | 15.40 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[Jean-Marie (Administrator)] - [LFS_ULTRA]
SID = S-1-5-21-548406213-3309102694-2939433529-1001
Boot: SafeMode with network
System : Windows 10 Home (64 bits) Core
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius
Memory RAM = Total (MB) : 3748 | Free (MB) : 3041
Pagefile = Total (MB) : 6107 | Free (MB) : 5523
Virtual = Total (MB) : 4194 | Free (MB) : 3968

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

¤¤¤¤¤¤¤¤¤¤¤ # Drives
K:\-> [Fixed] | [riverboats] | Total : 57.66 Go | Free : 57.21 Go -> NTFS [USB]
J:\-> [Fixed] | [emsisoft emergency kit usb] | Total : 15.01 Go | Free : 12.74 Go -> NTFS [USB]
I:\-> [Fixed] | [sandisk con] | Total : 119.04 Go | Free : 112.62 Go -> exFAT [USB]
H:\-> [Fixed] | [my disk] | Total : 931.48 Go | Free : 461.22 Go -> NTFS [USB]
E:\-> [Fixed] | [] | Total : 0.44 Go | Free : 0.11 Go -> NTFS [SATA]
D:\-> [Fixed] | [Windows RE tools] | Total : 1 Go | Free : 0.65 Go -> NTFS [SATA]
C:\-> [Fixed] | [OS] | Total : 916.54 Go | Free : 863.51 Go -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates
No detected update !!!
Microsoft : +

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\Windows\system32\config\systemprofile
C:\WINDOWS\ServiceProfiles\LocalService
C:\WINDOWS\ServiceProfiles\NetworkService
C:\Users\Jean-Marie
C:\Users\_ashbackuppb_
C:\Users\_ashbackup_

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [28.03.2016 @ 20_54_47])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.10586.20 (© Microsoft Corporation.)
FF : 45.0.1.5918 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 49.0.2623.108 (Copyright 2015 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 21.0.0.182

¤¤¤¤¤¤¤¤¤¤ # Security
AV : ZoneAlarm Antivirus Enabled
AS : Windows Defender Disabled
FW : ZoneAlarm Firewall Enabled
WMI : OK
WU: Windows Update Service [Auto(2)] = stopped
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
1080 | [Owner : |Parent : 652] - (.Check Point Software Technologies Ltd. - ZoneAlarm.) - (14.1.48.0) = C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
1344 | [Owner : Jean-Marie |Parent : 976] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10586.0) = C:\Windows\System32\sihost.exe
1460 | [Owner : Jean-Marie |Parent : 1428] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10586.104) = C:\Windows\explorer.exe
1672 | [Owner : Jean-Marie |Parent : 1460] - (.IvoSoft - Classic Start Menu.) - (4.2.5.0) = C:\Program Files\Classic Shell\ClassicStartMenu.exe
2024 | [Owner : Jean-Marie |Parent : 1460] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.10586.0) = C:\Windows\System32\ctfmon.exe
2352 | [Owner : Jean-Marie |Parent : 744] - (.Microsoft Corporation - Aide et support Microsoft.) - (10.0.10586.0) = C:\Windows\HelpPane.exe
2104 | [Owner : Jean-Marie |Parent : 2244] - (.Nero AG - Nero TuneItUp Tray (Service Provider).) - (2.4.1.1045) = C:\Program Files (x86)\Nero\Nero TuneItUp\ServiceProvider.exe
2904 | [Owner : Jean-Marie |Parent : 1460] - (.Auslogics - BoostSpeed.) - (8.2.1.0) = C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe
2884 | [Owner : Jean-Marie |Parent : 2904] - (.Auslogics - Frame Applet Proxy.) - (1.0.0.0) = C:\Program Files (x86)\Auslogics\BoostSpeed\FrameAppletProxy.exe
808 | [Owner : Jean-Marie |Parent : 744] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10586.104) = C:\Windows\explorer.exe
2992 | [Owner : Jean-Marie |Parent : 1460] - (.Auslogics - Disk Defrag Touch.) - (1.3.0.0) = C:\Program Files (x86)\Auslogics\Disk Defrag Touch\DiskDefragTouch.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]~[EnableFirewall] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Iphlpsvc]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 4 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Moved to quarantine successfully : J:\Extractor.exe
Moved to quarantine successfully : C:\Users\Jean-Marie\AppData\Roaming\UpdateStar

¤¤¤¤¤¤¤¤¤¤ # ADS
Prefetch -> cleaned
D:\ : Vaccinated (Vaccin created by Pre_Scan)
E:\ : Vaccinated (Vaccin created by Pre_Scan)
H:\ : Vaccinated (Vaccin created by Pre_Scan)
I:\ : Vaccinated (Vaccin created by Pre_Scan)
J:\ : Vaccinated (Vaccin created by Pre_Scan)
K:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive D:] : Hidden : 5 | Restored : 5
~ [Drive E:] : Hidden : 6 | Restored : 6
~ [Drive H:] : Hidden : 29 | Restored : 29
~ [Drive C:] : Hidden : 5 | Restored : 5
~ [Program Files] : Hidden : 3 | Restored : 3
~ [Windows] : Hidden : 10 | Restored : 9
~ [AppData] : Hidden : 132 | Restored : 132

¤¤¤¤¤¤¤¤¤¤ # Drives
Disk: 0 Size=954G
Pos  MBRndx  Type/Name   Size  Active  Hide  Start Sector  Sectors
---  ------  ----------  ----  ------  ----  ------------  ------------
0    0       07-NTFS     1.0G  No      No    2,048         2,095,104
1    1       0C-FAT32X   359M  Yes     No    2,097,152     737,280
2    2       07-NTFS     939G  No      No    3,096,576     922,115,584
3    3       07-NTFS     450M  No      No    925,212,160   921,600

¤¤¤¤¤¤¤¤¤¤
Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1

End : 22:08:04
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤