¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_20.07.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 12:26:27
Updated 20/07/2016 | 00.20 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html
[Jean-Marie (Administrator)] - [100P100_S_FIN]
SID = S-1-5-21-333624727-3628993747-300940260-1001
Boot: SafeMode with network
System : Windows 10 Home (64 bits)
Core ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius
Memory RAM = Total (MB) : 3748 | Free (MB) : 2893
Pagefile = Total (MB) : 4157 | Free (MB) : 3484
Virtual = Total (MB) : 4194 | Free (MB) : 4002

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

¤¤¤¤¤¤¤¤¤¤¤ # Drives
V:\-> [Removable] | [AUTORAD] | Total : 14.83 Go | Free : 14.57 Go -> FAT32 [USB]
S:\-> [Fixed] | [My Passport] | Total : 2794.49 Go | Free : 876.16 Go -> NTFS [USB]
R:\-> [Removable] | [NO NAME] | Total : 59.48 Go | Free : 17.37 Go -> FAT32 [USB]
M:\-> [Removable] | [] | Total : 30.02 Go | Free : 2.03 Go -> FAT32 [USB]
L:\-> [Removable] | [HITMANPRO] | Total : 28.78 Go | Free : 26.24 Go -> FAT32 [USB]
K:\-> [Removable] | [FramaLive] | Total : 14.41 Go | Free : 8.51 Go -> FAT32 [USB]
J:\-> [Removable] | [BLIND] | Total : 1.86 Go | Free : 0.25 Go -> FAT [USB]
H:\-> [Removable] | [FRAMAKEY UB] | Total : 57.64 Go | Free : 51.43 Go -> FAT32 [USB]
E:\-> [Removable] | [] | Total : 3.67 Go | Free : 0.46 Go -> FAT32 [USB]
D:\-> [Fixed] | [Recovery Image] | Total : 13.06 Go | Free : 1.6 Go -> NTFS [SATA]
C:\-> [Fixed] | [OS] | Total : 916.54 Go | Free : 857.83 Go -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates
No detected update !!!
Microsoft : +

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\WINDOWS\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\Jean-Marie
Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [31.07.2016 @ 12_04_46])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.10586.494 (© Microsoft Corporation.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 22.0.0.209

¤¤¤¤¤¤¤¤¤¤ # Security
AV : Ad-Aware Antivirus Disabled
AS : Windows Defender Enabled
FW : Ad-Aware Firewall Disabled
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
1320 | [Owner : |Parent : 656] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.9.10586.494) = C:\Program Files\Windows Defender\MsMpEng.exe
1336 | [Owner : Système |Parent : 656] - (. - .) - (11.12.945.9202) = C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareService.exe
1868 | [Owner : SERVICE RÉSEAU |Parent : 1824] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.9.10586.494) = C:\Program Files\Windows Defender\MpCmdRun.exe
2248 | [Owner : Jean-Marie |Parent : 976] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10586.0) = C:\Windows\System32\sihost.exe
2360 | [Owner : Jean-Marie |Parent : 2340] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10586.494) = C:\Windows\explorer.exe
2468 | [Owner : Jean-Marie |Parent : 2360] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.10586.0) = C:\Windows\System32\ctfmon.exe
2640 | [Owner : Jean-Marie |Parent : 740] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.10586.494) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
2792 | [Owner : Jean-Marie |Parent : 740] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10586.0) = C:\Windows\System32\RuntimeBroker.exe
2848 | [Owner : Jean-Marie |Parent : 740] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.10586.494) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
576 | [Owner : Jean-Marie |Parent : 740] - (.Microsoft Corporation - Aide et support Microsoft.) - (10.0.10586.494) = C:\Windows\HelpPane.exe
3160 | [Owner : Jean-Marie |Parent : 740] - (.Microsoft Corporation - Application Frame Host.) - (10.0.10586.0) = C:\Windows\System32\ApplicationFrameHost.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : -> C:\WINDOWS\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]~[EnableFirewall] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 0 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Moved to quarantine successfully : S:\60Second_en_us.exe
Moved to quarantine successfully : S:\60Second_x64.exe
Moved to quarantine successfully : S:\Adaware_Installer.exe
Moved to quarantine successfully : S:\advanced-systemcare-setup-beta.exe
Moved to quarantine successfully : S:\BDPUARLauncher_FR.exe
Moved to quarantine successfully : S:\BDUSBImmunizerLauncher.exe
Moved to quarantine successfully : S:\ccav_installer.exe
Moved to quarantine successfully : S:\cDrive_Setup.exe
Moved to quarantine successfully : S:\chromodosetup.exe
Moved to quarantine successfully : S:\chsetup-1.40.exe
Moved to quarantine successfully : S:\cptsetup.exe
Moved to quarantine successfully : S:\CSU_FREE_Setup.exe
Moved to quarantine successfully : S:\dragonsetup.exe
Moved to quarantine successfully : S:\driver_booster_setup_beta.exe
Moved to quarantine successfully : S:\epm.exe
Moved to quarantine successfully : S:\epm_trial(1).exe
Moved to quarantine successfully : S:\epm_trial.exe
Moved to quarantine successfully : S:\everysync_trial.exe
Moved to quarantine successfully : S:\FastCopyPortable_3.13_Rev_2.paf.exe
Moved to quarantine successfully : S:\freemake-youtube-mp3-converter-3-5-2-1-es-en-br-fr-de-it-win.exe
Moved to quarantine successfully : S:\installboost.exe
Moved to quarantine successfully : S:\KCinst.exe
Moved to quarantine successfully : S:\kclite.exe
Moved to quarantine successfully : S:\Kickstarter.exe
Moved to quarantine successfully : S:\mac_os_x.exe
Moved to quarantine successfully : S:\MKV.exe
Moved to quarantine successfully : S:\pc-decrapifier-3.0.0.exe
Moved to quarantine successfully : S:\pm14free_x64_eng.exe
Moved to quarantine successfully : S:\ProcessAlive-0.9.1.exe
Moved to quarantine successfully : S:\processclose_1.0.0.3.exe
Moved to quarantine successfully : S:\pwfree91.exe
Moved to quarantine successfully : S:\remembr-install-0.5.exe
Moved to quarantine successfully : S:\RogueKillerX64.exe
Moved to quarantine successfully : S:\rufus-2.10.exe
Moved to quarantine successfully : S:\setup.exe
Moved to quarantine successfully : S:\setup_11.0.3.8.x01_2014_12_13_09_36.exe
Moved to quarantine successfully : S:\snagit.exe
Moved to quarantine successfully : S:\start.exe
Moved to quarantine successfully : S:\startuplite-setup-1.07.exe
Moved to quarantine successfully : S:\tdsskiller.exe
Moved to quarantine successfully : S:\updater.exe
Moved to quarantine successfully : S:\WD Drive Unlock.exe
Moved to quarantine successfully : S:\Wise_Care_365_v3.43.exe
Moved to quarantine successfully : S:\wood.exe
Moved to quarantine successfully : S:\WVDSetup.exe
Moved to quarantine successfully : S:\zipplus.exe
Moved to quarantine successfully : R:\updater.exe
Moved to quarantine successfully : L:\start.exe
Moved to quarantine successfully : J:\start.exe
Moved to quarantine successfully : E:\setupfree.exe
Moved to quarantine successfully : S:\CsLib.dll
Moved to quarantine successfully : S:\Interop.RocketDivision.StarBurnX.dll
Moved to quarantine successfully : S:\LogicNP.FileView.dll
Moved to quarantine successfully : S:\LogicNP.ShComboBox.dll
Moved to quarantine successfully : S:\Newtonsoft.Json.dll
Moved to quarantine successfully : S:\sptdintf.dll
Moved to quarantine successfully : S:\StarBurnX15.dll
Moved to quarantine successfully : S:\taglib-sharp.dll
Moved to quarantine successfully : R:\CsLib.dll
Moved to quarantine successfully : R:\Interop.RocketDivision.StarBurnX.dll
Moved to quarantine successfully : R:\LogicNP.FileView.dll
Moved to quarantine successfully : R:\LogicNP.ShComboBox.dll
Moved to quarantine successfully : R:\Newtonsoft.Json.dll
Moved to quarantine successfully : R:\sptdintf.dll
Moved to quarantine successfully : R:\StarBurnX15.dll
Moved to quarantine successfully : R:\taglib-sharp.dll
Moved to quarantine successfully : S:\data.ico
Moved to quarantine successfully : S:\iso.ico
Moved to quarantine successfully : S:\Jumplist.Copy.ico
Moved to quarantine successfully : S:\Jumplist.Data.ico
Moved to quarantine successfully : S:\Jumplist.Erase.ico
Moved to quarantine successfully : R:\data.ico
Moved to quarantine successfully : R:\iso.ico
Moved to quarantine successfully : R:\Jumplist.Copy.ico
Moved to quarantine successfully : R:\Jumplist.Data.ico
Moved to quarantine successfully : R:\Jumplist.Erase.ico

¤¤¤¤¤¤¤¤¤¤ # ADS
Prefetch -> cleaned
D:\ : Vaccinated (Vaccin created by Usbfix)
E:\ : Vaccinated (Vaccin created by Pre_Scan)
H:\ : Vaccinated (Vaccin created by Usbfix)
J:\ : Vaccinated (Vaccin created by Usbfix)
K:\ : Vaccinated (Vaccin created by Usbfix)
L:\ : Vaccinated (Vaccin created by Usbfix)
M:\ : Vaccinated (Vaccin created by Usbfix)
R:\ : Vaccinated (Vaccin created by Usbfix)
S:\ : Vaccinated (Vaccin created by Usbfix)
V:\ : Vaccinated (Vaccin created by Usbfix)

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive D:] : Hidden : 6 | Restored : 6
~ [Drive E:] : Hidden : 1 | Restored : 1
~ [Drive K:] : Hidden : 1 | Restored : 1
~ [Drive S:] : Hidden : 5 | Restored : 5
~ [Drive V:] : Hidden : 1 | Restored : 1
~ [Drive C:] : Hidden : 1 | Restored : 1
~ [Program Files] : Hidden : 9 | Restored : 9
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 5 | Restored : 5
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 46 | Restored : 43
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 7 | Restored : 7

¤¤¤¤¤¤¤¤¤¤ # Drives
Disk: 0 Size=954G
Pos MBRndx Type/Name  Size Active Hide Start Sector      Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
  0      0 EE-UNKNWN 21.0T     No   No            1  294,967,295

¤¤¤¤¤¤¤¤¤¤
Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : -> 1

End : 16:12:57
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 282