¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_23.10.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 13:53:06 10/28/2016

Updated 23/10/2016 | 14.10 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[barrow 2 & widen (Administrator)] - [BARROW2ETWIDEN]
SID = S-1-5-21-1541472888-895532398-2178115478-1000
Boot: Normal boot
System : Windows 7 Starter (32 bits) Starter Service Pack 1
ProcessorNameString : Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Identifier : x86 Family 6 Model 28 Stepping 10
CoreTemp : 53 Celsius - Max : 100 Celsius

Memory RAM = Total (MB) : 1037 | Free (MB) : 471
Pagefile = Total (MB) : 2086 | Free (MB) : 1433
Virtual = Total (MB) : 2097 | Free (MB) : 1960

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

C:\Windows\Setup\Scripts\SetupComplete.cmd

¤¤¤¤¤¤¤¤¤¤ # Drives

V:\-> [Removable] | [FRAMAKEY UB] | Total : 57.64 Go | Free : 53.06 Go -> FAT32 [USB]
U:\-> [Removable] | [séjour pari] | Total : 117.02 Go | Free : 62.42 Go -> exFAT [USB]
S:\-> [Removable] | [PartedMagic] | Total : 59.5 Go | Free : 53.05 Go -> exFAT [USB]
R:\-> [Removable] | [PARTED MAGI] | Total : 3.74 Go | Free : 0.43 Go -> FAT32 [USB]
Q:\-> [Removable] | [FramaLive] | Total : 14.41 Go | Free : 3.17 Go -> FAT32 [USB]
O:\-> [Removable] | [PARTED MAGI] | Total : 15 Go | Free : 1.21 Go -> FAT32 [USB]
M:\-> [Removable] | [FRAMAKEY SA] | Total : 28.78 Go | Free : 11.29 Go -> FAT32 [USB]
L:\-> [Removable] | [HITMANPRO] | Total : 57.55 Go | Free : 26.33 Go -> FAT32 [USB]
I:\-> [Removable] | [UUI] | Total : 7.26 Go | Free : 0.27 Go -> FAT32 [USB]
H:\-> [Removable] | [CLONEZILLA] | Total : 1.86 Go | Free : 0.2 Go -> FAT32 [USB]
G:\-> [Removable] | [COMPANION] | Total : 30.02 Go | Free : 1.72 Go -> FAT32 [USB]
F:\-> [Fixed] | [AOMEI Recovery Partition] | Total : 0.77 Go | Free : 0.43 Go -> NTFS [ATA]
E:\-> [Fixed] | [POWER2GO 11 FILES] | Total : 3.26 Go | Free : 3.05 Go -> NTFS [ATA]
D:\-> [Removable] | [PARTED MAGI] | Total : 57.89 Go | Free : 48.03 Go -> FAT32 [USB]
C:\-> [Fixed] | [Acer] | Total : 211.74 Go | Free : 99.27 Go -> NTFS [ATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates

Last detection : 2016-10-28 06:15:52
Downloaded last ones : 2016-10-28 06:31:02
Installed last ones : 2016-10-28 06:17:35
Next search : 2016-10-29 00:18:54
Microsoft : +

¤¤¤¤¤¤¤¤¤¤ # Sessions

C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\barrow 2 & widen

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore'
Restore the register (C:\Pre_Scan\Save\Registry [28.10.2016 @ 13_50_24])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers

IE : 11.0.9600.18500 (© Microsoft Corporation.)
FF : 49.0.2.6136 (©Firefox and Mozilla Developers; available under the MPL 2 license.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

ActiveX : 10.1.82.76

¤¤¤¤¤¤¤¤¤¤ # Security

AV : Ad-Aware Antivirus Disabled
AS : Windows Defender Disabled
FW : Ad-Aware Firewall Disabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes

868 | [Owner : |Parent : 620] - (.Comodo Security Solutions, Inc. - livePCsupport Component.) - (4.0.0.0) = C:\Program Files\Common Files\COMODO\launcher_service.exe
1544 | [Owner : |Parent : 620] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe
1708 | [Owner : Système |Parent : 620] - (.Comodo - Chromodo.) - (1.0.0.1) = C:\Program Files\COMODO\Chromodo\chromodo_updater.exe
1784 | [Owner : Système |Parent : 620] - (.Comodo - Comodo Dragon.) - (1.0.0.1) = C:\Program Files\COMODO\Dragon\dragon_updater.exe
1840 | [Owner : Système |Parent : 620] - (.Dritek System Inc. - Dritek WMI Service.) - (2.8.0.854) = C:\Program Files\Launch Manager\dsiwmis.exe
1920 | [Owner : Système |Parent : 620] - (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Agent Application.) - (5.0.0.1) = C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
1960 | [Owner : Système |Parent : 620] - (.Acer Incorporated - ePowerSvc.) - (5.0.3005.0) = C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
2020 | [Owner : Système |Parent : 620] - (.Comodo Security Solutions, Inc. - GeekBuddy Remote Screen Protocol Server.) - (4.2.7.1) = C:\Program Files\Common Files\COMODO\GeekBuddyRSP.exe
380 | [Owner : Système |Parent : 620] - (.Acer Incorporated - Global Registration Service.) - (1.0.0.1) = C:\Program Files\Acer\Registration\GREGsvc.exe
1116 | [Owner : Système |Parent : 620] - (.Acer Incorporated - Updater Service.) - (1.2.3502.0) = C:\Program Files\Acer\Acer Updater\UpdaterService.exe
1424 | [Owner : Système |Parent : 620] - (.Acer Incorporated - Raw Socket Service.) - (4.5.3000.9285) = C:\Program Files\Acer\Acer VCM\RS_Service.exe
432 | [Owner : Système |Parent : 620] - (.Acer Incorporated - Updater Service.) - (1.2.3502.0) = C:\Program Files\Acer\Acer Updater\UpdaterService.exe
2460 | [Owner : Système |Parent : 1920] - (. - .) - (0.0.0.0) = C:\Program Files\EaseUS\Todo Backup\bin\TodoBackupService.exe
2672 | [Owner : barrow 2 & widen |Parent : 620] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
2736 | [Owner : barrow 2 & widen |Parent : 1120] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
2816 | [Owner : barrow 2 & widen |Parent : 2736] - (.Driver-Soft Inc. - Driver Genius.) - (16.0.0.245) = C:\Program Files\Driver-Soft\DriverGenius\DriverGenius.exe
2824 | [Owner : barrow 2 & widen |Parent : 2748] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.23537) = C:\Windows\explorer.exe
3348 | [Owner : Système |Parent : 620] - (.Microsoft Corporation - Service de disque virtuel.) - (6.1.7601.17514) = C:\Windows\System32\vds.exe
3868 | [Owner : SERVICE LOCAL |Parent : 1048] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe
1852 | [Owner : barrow 2 & widen |Parent : 2824] - (.Dritek System Inc. - Launch Manager.) - (4.0.14.854) = C:\Program Files\Launch Manager\LManager.exe
2988 | [Owner : barrow 2 & widen |Parent : 2824] - (. - .) - (0.0.0.0) = C:\Program Files\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe
3584 | [Owner : Système |Parent : 620] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe
3832 | [Owner : barrow 2 & widen |Parent : 1840] - (.Dritek System Inc. - Launch Manager Worker.) - (1.9.0.854) = C:\Program Files\Launch Manager\LMworker.exe
2332 | [Owner : barrow 2 & widen |Parent : 800] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) = C:\Windows\System32\wbem\unsecapp.exe
1032 | [Owner : barrow 2 & widen |Parent : 2824] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.556) = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
1716 | [Owner : barrow 2 & widen |Parent : 2824] - (.Egis Technology Inc. - PMM Update Application.) - (1.1.34.0) = C:\Program Files\EgisTec IPS\PmmUpdate.exe
2156 | [Owner : barrow 2 & widen |Parent : 2824] - (.Egis Technology Inc. - MyWinLocker.) - (3.1.212.0) = C:\Program Files\EgisTec MyWinLocker\x86\mwlDaemon.exe
1808 | [Owner : barrow 2 & widen |Parent : 2824] - (.Intel Corporation - igfxTray Module.) - (8.14.10.2117) = C:\Windows\System32\igfxtray.exe
3344 | [Owner : barrow 2 & widen |Parent : 2824] - (.Intel Corporation - hkcmd Module.) - (8.14.10.2117) = C:\Windows\System32\hkcmd.exe
2776 | [Owner : barrow 2 & widen |Parent : 2824] - (.Intel Corporation - persistence Module.) - (8.14.10.2117) = C:\Windows\System32\igfxpers.exe
3192 | [Owner : barrow 2 & widen |Parent : 800] - (.Intel Corporation - igfxsrvc Module.) - (8.14.10.2117) = C:\Windows\System32\igfxsrvc.exe
3080 | [Owner : barrow 2 & widen |Parent : 2824] - (.ELAN Microelectronics Corp. - ETD Control Center.) - (10.0.0.105) = C:\Program Files\Elantech\ETDCtrl.exe
3796 | [Owner : barrow 2 & widen |Parent : 2824] - (. - DefaultSettingEXE MFC Application.) - (1.1.0.1) = C:\Windows\PLFSetI.exe
692 | [Owner : barrow 2 & widen |Parent : 2824] - (.Insyde Software Corp. - Sync Data.) - (1.1.1.1016) = C:\Program Files\Acer\Android Manager\iSync.exe
2148 | [Owner : barrow 2 & widen |Parent : 4088] - (.Egis Technology Inc. - EgisUpdate Release Application.) - (1.1.34.0) = C:\Program Files\EgisTec IPS\EgisUpdate.exe
3676 | [Owner : barrow 2 & widen |Parent : 2824] - (.Insyde Software Corp. - Acer Updater for Android™.) - (1.1.1.1019) = C:\Program Files\Acer\Updater\iUpdate.exe
3256 | [Owner : barrow 2 & widen |Parent : 2824] - (.Acer Incorporated - ePowerTray.) - (5.0.3005.0) = C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
3692 | [Owner : barrow 2 & widen |Parent : 2824] - (. - .) - (11.12.945.9202) = C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
4188 | [Owner : barrow 2 & widen |Parent : 800] - (.Intel Corporation - igfxext Module.) - (8.14.10.2117) = C:\Windows\System32\igfxext.exe
4348 | [Owner : Système |Parent : 1960] - (.Acer Incorporated - ePowerEvent.) - (5.0.3005.0) = C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
4372 | [Owner : barrow 2 & widen |Parent : 2824] - (.Wondershare - Wondershare Studio.) - (2.5.0.0) = C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
4416 | [Owner : barrow 2 & widen |Parent : 2824] - (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Partition Master Free Edition Application.) - (1.0.0.1) = C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\EpmNews.exe
4452 | [Owner : barrow 2 & widen |Parent : 2824] - (.CHENGDU Yiwo Tech Development Co., Ltd. - CleanUpUI Application.) - (11.0.0.0) = C:\Program Files\EaseUS\EaseUS Partition Master 11.9\bin\CleanUpUI.exe
4996 | [Owner : barrow 2 & widen |Parent : 3620] - (.Intel Corporation - IAStorIcon.) - (11.1.5.1001) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
5004 | [Owner : barrow 2 & widen |Parent : 3080] - (.ELAN Microelectronics Corp. - ETD Control Center Helper.) - (10.0.0.69) = C:\Program Files\Elantech\ETDCtrlHelper.exe
5080 | [Owner : barrow 2 & widen |Parent : 2824] - (.ClevX, LLC - ClevX USB Monitor.) - (3.0.0.0) = C:\Users\barrow 2 & widen\AppData\Local\Temp\{438E237C-C9D2-4803-A1FE-EE77D929E548}\USBListener.exe
5156 | [Owner : barrow 2 & widen |Parent : 2824] - (.Acer Incorporated - Acer VCM.) - (4.5.3006.62) = C:\Program Files\Acer\Acer VCM\AcerVCM.exe
5228 | [Owner : barrow 2 & widen |Parent : 2824] - (.CHENGDU Yiwo Tech Development Co., Ltd. - .) - (2.0.0.0) = C:\Program Files\EaseUS\EaseUS EverySync\bin\EverySync.exe
5292 | [Owner : Système |Parent : 620] - (.Intel Corporation - IAStorDataSvc.) - (11.1.5.1001) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
5300 | [Owner : barrow 2 & widen |Parent : 2824] - (.Verbatim - Drive Protection.) - (2.6.4.1) = C:\Windows\Temp\SecurePro.exe
5344 | [Owner : Système |Parent : 868] - (.Comodo Security Solutions, Inc. - livePCsupport Component.) - (4.0.0.0) = C:\Program Files\COMODO\GeekBuddy\unit_manager.exe
2128 | [Owner : Système |Parent : 5344] - (.Comodo Security Solutions, Inc. - livePCsupport Component.) - (4.0.0.0) = C:\Program Files\COMODO\GeekBuddy\unit.exe
5420 | [Owner : Système |Parent : 620] - (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (6.1.7601.17514) = C:\Windows\servicing\TrustedInstaller.exe
1764 | [Owner : barrow 2 & widen |Parent : 2824] - (.Mozilla Corporation - Firefox.) - (49.0.2.6136) = C:\Program Files\Mozilla Firefox\firefox.exe
4768 | [Owner : barrow 2 & widen |Parent : 1764] - (.Mozilla Corporation - Plugin Container for Firefox.) - (49.0.2.6136) = C:\Program Files\Mozilla Firefox\plugin-container.exe
3936 | [Owner : barrow 2 & widen |Parent : 800] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.23537) = C:\Windows\explorer.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

¤¤¤¤¤¤¤¤¤¤ # SafeBoot

Safeboot Keys are O.K
Alternate shell is OK !
Safeboot Minimal Subkeys : O.K !
Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

¤¤¤¤¤¤¤¤¤¤ # Windows

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\Windows\System32\ActionCenter.dll
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]~[EnableFirewall] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ # Services

Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

Possible Ramnit : C:\Users\barrow 2 & widen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R71CQT4Q\search[1].htm : 707420747970653D22746578742F6A617661736372697074223E2F2F3C215B43444154415B0D0A73695F53543D6E657720446174653B0D0A2F2F5D5D3E3C2F73

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry

Moved to quarantine successfully : C:\Users\barrow 2 & widen\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\R71CQT4Q\search[1].htm
Will be moved in quarantine at reboot : U:\ccav_installer.exe
Will be moved in quarantine at reboot : U:\devoir.exe
Will be moved in quarantine at reboot : U:\driver_genius_1.exe
Will be moved in quarantine at reboot : U:\epm.exe
Will be moved in quarantine at reboot : U:\KCinst.exe
Will be moved in quarantine at reboot : S:\RSIT.exe
Moved to quarantine successfully : M:\start.exe
Moved to quarantine successfully : L:\Kickstarter.exe
Moved to quarantine successfully : F:\OldMbr.dat

¤¤¤¤¤¤¤¤¤¤ # ADS

Prefetch -> cleaned

D:\ : Vaccinated (Vaccin created by Pre_Scan)
E:\ : Vaccinated (Vaccin created by Pre_Scan)
F:\ : Vaccinated (Vaccin created by Pre_Scan)
G:\ : Vaccinated (Vaccin created by Pre_Scan)
H:\ : Vaccinated (Vaccin created by Pre_Scan)
I:\ : Vaccinated (Vaccin created by Pre_Scan)
O:\ : Vaccinated (Vaccin created by Pre_Scan)
R:\ : Vaccinated (Vaccin created by Pre_Scan)
U:\ : Impossible to vaccinate
V:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive D:] : Hidden : 1 | Restored : 1
~ [Drive G:] : Hidden : 2 | Restored : 2
~ [Drive H:] : Hidden : 155 | Restored : 155
~ [Drive O:] : Hidden : 154 | Restored : 154
~ [Drive R:] : Hidden : 154 | Restored : 154
~ [Drive C:] : Hidden : 2 | Restored : 2
~ [Program Files] : Hidden : 6 | Restored : 6
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 6 | Restored : 6
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 99 | Restored : 99
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 12 | Restored : 12

¤¤¤¤¤¤¤¤¤¤ # Drives

Disk: 0 Size=238G
Pos MBRndx Type/Name  Size Active Hide Start Sector      Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
 0    0    27-UNKNWN   13G   No    No         2,048   27,262,976
 1    1    07-NTFS    4.2G  Yes    No    27,265,024    8,593,408
 2    2    0F-EXTEND  221G   No    No    35,860,417  452,531,647

End : 15:32:03

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 266