¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_26.11.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 19:19:54 12/15/2016

Updated 26/11/2016 | 11.35 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[p (Administrator)] - [P-PC]
SID = S-1-5-21-783560422-4001132519-2926651286-1000
Boot: Normal boot
System : Windows 7 Ultimate (64 bits) Ultimate Service Pack 1

ProcessorNameString : Intel(R) Core(TM) i3-3220 CPU @ 3.30GHz
Identifier : Intel64 Family 6 Model 58 Stepping 9
CoreTemp : 29.8 Celsius - Max : 106 Celsius

Memory RAM = Total (MB) : 4083 | Free (MB) : 3183
Pagefile = Total (MB) : 8165 | Free (MB) : 7072
Virtual = Total (MB) : 4194 | Free (MB) : 4032

¤¤¤¤¤¤¤¤¤¤ # Components of starting up ¤¤¤¤¤¤¤¤¤¤¤

# Drives

D:\-> [Fixed] | [Nouveau nom] | Total : 230.78 Go | Free : 52.47 Go -> NTFS [ATA]
C:\-> [Fixed] | [] | Total : 234.88 Go | Free : 184.94 Go -> NTFS [ATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates

No detected update !!!

Microsoft : +

¤¤¤¤¤¤¤¤¤¤ # Sessions

C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\p

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore'
Restore the register (C:\Pre_Scan\Save\Registry [15.12.2016 @ 19_19_18])

To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers

IE : 11.0.9600.18124 (© Microsoft Corporation.)
FF : 49.0.2.6136 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 54.0.2840.99 (Copyright 2016 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

ActiveX : 24.0.0.186
Plugin : 24.0.0.186

¤¤¤¤¤¤¤¤¤¤ # Security

AV : Kaspersky Anti-Virus Disabled
AS : ESET Internet Security 10.0.171.0 Disabled
AM : Malwarebytes Anti-Malware (1.0.1.922) []
FW : ESET Personal firewall Disabled

WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes

948 | [Owner : |Parent : 764] - (.IObit - Advanced SystemCare Service.) - (10.0.2.81) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
108 | [Owner : |Parent : 764] - (.ESET - ESET Service.) - (10.0.171.0) = C:\Program Files\ESET\ESET Internet Security\ekrn.exe
1328 | [Owner : Système |Parent : 764] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4425) = C:\Windows\System32\igfxCUIService.exe
1608 | [Owner : Système |Parent : 764] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe
1800 | [Owner : Système |Parent : 764] - (.Apple Inc. - MobileDeviceService.) - (17.344.6.6) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1832 | [Owner : p |Parent : 1384] - (.SurfRight B.V. - HitmanPro Scheduler.) - (3.7.0.5) = C:\Program Files\HitmanPro\hmpsched.exe
1924 | [Owner : p |Parent : 764] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
2004 | [Owner : p |Parent : 1900] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17514) = C:\Windows\explorer.exe
2136 | [Owner : p |Parent : 1144] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
2176 | [Owner : p |Parent : 2136] - (.IObit - Performance Monitor.) - (10.0.4.1285) = C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
2288 | [Owner : p |Parent : 2004] - (.IObit - Advanced SystemCare 10.) - (10.0.1.3047) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
2348 | [Owner : Système |Parent : 764] - (.Apple Inc. - Bonjour Service.) - (3.0.0.10) = C:\Program Files\Bonjour\mDNSResponder.exe
2392 | [Owner : Système |Parent : 764] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) - (4.0.2.0) = C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
2528 | [Owner : p |Parent : 2004] - (.Tonec Inc. - Internet Download Manager (IDM).) - (6.25.2.3) = C:\Program Files (x86)\Internet Download Manager\IDMan.exe
2228 | [Owner : SERVICE LOCAL |Parent : 764] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.5011) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
5076 | [Owner : Système |Parent : 764] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (17.0.0.611) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
5380 | [Owner : p |Parent : 5076] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (17.0.0.643) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksdeui.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : userinit.exe, -> C:\Windows\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot

Safeboot Keys are O.K
Alternate shell is OK !
¤ Safeboot Minimal Subkeys : O.K !
¤ Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

¤¤¤¤¤¤¤¤¤¤ # Windows

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\Windows\System32\ActionCenter.dll

¤¤¤¤¤¤¤¤¤¤ # Services

Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : 3 -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Iphlpsvc]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 4 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry

Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-783560422-4001132519-2926651286-1000\$ITIQ3XP.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-783560422-4001132519-2926651286-1000\$RTIQ3XP.exe
Deleted : HKU\S-1-5-21-783560422-4001132519-2926651286-1000\Software\brizsoft
Will be moved in quarantine at reboot : C:\ProgramData\ntuser.dat{6efa5ee7-f46f-11e5-bdca-00ac77dced17}.TM.blf
Will be moved in quarantine at reboot : C:\ProgramData\ntuser.dat{6efa5ee7-f46f-11e5-bdca-00ac77dced17}.TMContainer00000000000000000001.regtrans-ms
Will be moved in quarantine at reboot : C:\ProgramData\ntuser.dat{6efa5ee7-f46f-11e5-bdca-00ac77dced17}.TMContainer00000000000000000002.regtrans-ms
Will be moved in quarantine at reboot : C:\ProgramData\ntuser.dat{6efa609e-f46f-11e5-bdca-00ac77dced17}.TM.blf
Will be moved in quarantine at reboot : C:\ProgramData\ntuser.dat{6efa609e-f46f-11e5-bdca-00ac77dced17}.TMContainer00000000000000000001.regtrans-ms
Will be moved in quarantine at reboot : C:\ProgramData\ntuser.dat{6efa609e-f46f-11e5-bdca-00ac77dced17}.TMContainer00000000000000000002.regtrans-ms

¤¤¤¤¤¤¤¤¤¤ # ADS

Deleted : @C:\ProgramData\Temp:1CE11B51

Prefetch -> cleaned

D:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive D:] : Hidden : 1522 | Restored : 1522
~ [Drive C:] : Hidden : 3 | Restored : 3
~ [Program Files] : Hidden : 7 | Restored : 6
~ [Users] : Hidden : 2 | Restored : 2
~ [Music] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 4 | Restored : 4
~ [Desktop] : Hidden : 75 | Restored : 75
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 72 | Restored : 72
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 17 | Restored : 17

¤¤¤¤¤¤¤¤¤¤ # Drives

Disk: 0 Size=477G

Pos MBRndx Type/Name  Size Active Hide Start Sector      Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
 0    0    07-NTFS    100M  Yes    No         2,048      204,800
 1    1    07-NTFS    241G  No     No       206,848  492,580,864
 2    2    07-NTFS    236G  No     No   492,787,712  483,981,312

End : 19:30:14

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 205