¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_30.09.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 09:07:47 10/06/2016
Updated 30/09/2016 | 16.50 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html
[lfs ultra finalis (Administrator)] - [LFSULTRAFINALIS]
SID = S-1-5-21-1938869131-2749466906-816185640-1000
Boot: Normal boot
System : Windows 7 Starter (32 bits) Starter
ProcessorNameString : Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Identifier : x86 Family 6 Model 28 Stepping 10
CoreTemp : 59 Celsius - Max : 100 Celsius
Memory RAM = Total (MB) : 1037 | Free (MB) : 428
Pagefile = Total (MB) : 2537 | Free (MB) : 1893
Virtual = Total (MB) : 2097 | Free (MB) : 1958
¤¤¤¤¤¤¤¤¤¤ # Components of starting up
C:\Windows\Setup\Scripts\SetupComplete.cmd
¤¤¤¤¤¤¤¤¤¤¤ # Drives
R:\-> [Removable] | [UUI] | Total : 7.26 Go | Free : 0.29 Go -> FAT32 [USB]
Q:\-> [Removable] | [JEAN_MARIE] | Total : 14.4 Go | Free : 10.34 Go -> FAT32 [USB]
P:\-> [Removable] | [MONTRE ESPI] | Total : 7.42 Go | Free : 0.87 Go -> FAT32 [USB]
O:\-> [Removable] | [EUMES FOUA] | Total : 59.48 Go | Free : 59.48 Go -> FAT32 [USB]
N:\-> [Removable] | [FRAMAKEY UB] | Total : 57.64 Go | Free : 53.31 Go -> FAT32 [USB]
G:\-> [Removable] | [CLONEZILLA] | Total : 1.86 Go | Free : 0.35 Go -> FAT32 [USB]
F:\-> [Fixed] | [POWER2GO 11 FILES] | Total : 3.26 Go | Free : 3.05 Go -> NTFS [ATA]
E:\-> [Fixed] | [prog files rebit & dt pro 7] | Total : 2.98 Go | Free : 2.55 Go -> NTFS [ATA]
D:\-> [Removable] | [HITMANPRO] | Total : 57.55 Go | Free : 32.46 Go -> FAT32 [USB]
C:\-> [Fixed] | [Acer] | Total : 208.76 Go | Free : 162.55 Go -> NTFS [ATA]
¤¤¤¤¤¤¤¤¤¤ # Windows updates
Last detection : 2016-10-06 04:36:20
Downloaded last ones : 2016-10-06 04:44:10
Installed last ones : 2016-10-04 14:54:46
Next search : 2016-10-06 22:43:12
Microsoft : + Service Pack 1 not installed !!!
¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\lfs ultra finalis
Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [06.10.2016 @ 09_04_41])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore
¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 8.0.7600.16385 (© Microsoft Corporation.)
¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 23.0.0.162
¤¤¤¤¤¤¤¤¤¤ # Security
AV : Ad-Aware Antivirus Disabled
AS : Windows Defender Disabled
FW : Ad-Aware Firewall Disabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running
¤¤¤¤¤¤¤¤¤¤ # Stopped processes
4260 | [Owner : lfs ultra finalis |Parent : 912] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe
5248 | [Owner : |Parent : 748] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7600.16385) = C:\Windows\System32\SearchIndexer.exe
1116 | [Owner : Système |Parent : 748] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7600.16385) = C:\Windows\System32\spoolsv.exe
5512 | [Owner : lfs ultra finalis |Parent : 4620] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7600.16450) = C:\Windows\explorer.exe
2004 | [Owner : lfs ultra finalis |Parent : 5512] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) - (7.1.0.595) = C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
2284 | [Owner : Système |Parent : 748] - (.Disc Soft Ltd - Disc Soft Bus Service.) - (7.1.0.595) = C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe
3764 | [Owner : lfs ultra finalis |Parent : 5512] - (. - .) - (0.0.0.0) = C:\Program Files\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe
2544 | [Owner : lfs ultra finalis |Parent : 912] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7600.16450) = C:\Windows\explorer.exe
3284 | [Owner : lfs ultra finalis |Parent : 1016] - (.Macrorit Inc. - Macrorit Partition Extender.) - (1.0.0.0) = C:\Program Files\Macrorit\Partition Extender\dm.extender.exe
1084 | [Owner : lfs ultra finalis |Parent : 5732] - (.Framakey.org - FramaKioskPortable pour FramaKey.) - (2.0.0.0) = N:\Framakey\FramaKioskPortable\FramaKioskPortable.exe
4792 | [Owner : lfs ultra finalis |Parent : 4432] - (.http://kmeleon.sf.net/ - K-Meleon Web Browser.) - (1.6.0.0) = N:\Framakey\FramaKioskPortable\App\FramaKiosk\k-meleon.exe
5432 | [Owner : lfs ultra finalis |Parent : 2600] - (.Framakey.org - FramafoxPortable pour FramaKey.) - (6.0.0.0) = N:\Apps\FramafoxPortable\FramafoxPortable.exe
1576 | [Owner : lfs ultra finalis |Parent : 5432] - (.Framasoft - Framafox.) - (12.0.0.4493) = N:\Apps\FramafoxPortable\App\Framafox\Framafox.exe
3540 | [Owner : lfs ultra finalis |Parent : 1576] - (.SosVirus - QuickDiag.) - (23.9.2016.1) = C:\Users\lfs ultra finalis\Downloads\quickdiag_2_23.09.2016.1.exe
4144 | [Owner : lfs ultra finalis |Parent : 5512] - (.COMODO - COMODO Internet Security.) - (8.4.0.5165) = C:\Program Files\COMODO\COMODO Internet Security\CisTray.exe
4276 | [Owner : Système |Parent : 748] - (.COMODO - COMODO Internet Security.) - (8.4.0.5165) = C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
3976 | [Owner : lfs ultra finalis |Parent : 5512] - (. - .) - (11.12.945.9202) = C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDesktop.exe
2840 | [Owner : lfs ultra finalis |Parent : 3976] - (. - .) - (11.12.945.9202) = C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
1828 | [Owner : Système |Parent : 912] - (.COMODO - COMODO Internet Security.) - (8.4.0.5165) = C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
4488 | [Owner : lfs ultra finalis |Parent : 4144] - (.COMODO - COMODO Internet Security.) - (8.4.0.5165) = C:\Program Files\COMODO\COMODO Internet Security\cis.exe
4940 | [Owner : lfs ultra finalis |Parent : 4144] - (.COMODO - COMODO Internet Security.) - (8.4.0.5165) = C:\Program Files\COMODO\COMODO Internet Security\cis.exe
4624 | [Owner : Système |Parent : 748] - (.Microsoft Corporation - Installateur Windows®.) - (5.0.7600.16385) = C:\Windows\System32\msiexec.exe
3144 | [Owner : Système |Parent : 748] - (.COMODO - COMODO Internet Security.) - (8.4.0.5165) = C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe
3384 | [Owner : Système |Parent : 5248] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7600.16385) = C:\Windows\System32\SearchProtocolHost.exe
¤¤¤¤¤¤¤¤¤¤ # Winlogon user
¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !
Safeboot Minimal Subkeys : O.K !
Safeboot Network Subkeys : O.K !
¤¤¤¤¤¤¤¤¤¤ # IFEO
¤¤¤¤¤¤¤¤¤¤ # Mountpoints2
¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
¤¤¤¤¤¤¤¤¤¤ # Security center
Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\Windows\System32\ActionCenter.dll
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]~[EnableFirewall] : 0 -> 1
¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Iphlpsvc]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2
¤¤¤¤¤¤¤¤¤¤ # Internet Explorer
¤¤¤¤¤¤¤¤¤¤ # reparsepoint
¤¤¤¤¤¤¤¤¤¤ # Offsets
¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Deleted : HKLM\Software\simplitec
Moved to quarantine successfully : D:\Kickstarter.exe
Moved to quarantine successfully : C:\OkBootConfig.dat
¤¤¤¤¤¤¤¤¤¤ # ADS
Prefetch -> cleaned
D:\ : Vaccinated (Vaccin created by Pre_Scan)
E:\ : Vaccinated (Vaccin created by Pre_Scan)
F:\ : Vaccinated (Vaccin created by Pre_Scan)
G:\ : Vaccinated (Vaccin created by Pre_Scan)
N:\ : Vaccinated (Vaccin created by Pre_Scan)
O:\ : Vaccinated (Vaccin created by Pre_Scan)
P:\ : Vaccinated (Vaccin created by Pre_Scan)
R:\ : Vaccinated (Vaccin created by Pre_Scan)
¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive E:] : Hidden : 4 | Restored : 4
~ [Drive G:] : Hidden : 3 | Restored : 3
~ [Drive C:] : Hidden : 1 | Restored : 1
~ [Program Files] : Hidden : 8 | Restored : 8
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 3 | Restored : 3
~ [Desktop] : Hidden : 2 | Restored : 2
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 90 | Restored : 90
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 5 | Restored : 5
¤¤¤¤¤¤¤¤¤¤ # Drives
Disk: 0 Size=238G
Pos MBRndx Type/Name  Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0   0      27-UNKNWN  13G  No     No   2,048        27,262,976
1   1      07-NTFS    4.2G Yes    No   27,265,024   8,593,408
2   2      0F-EXTEND  221G No     No   35,860,417   452,531,647
End : 10:00:14
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 220