¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_26.04.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 22:00:32 04/30/2017
Updated 26/04/2017 | 18.30 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[ldjaps (Administrator)] - [LDJAPS-PC]
SID = S-1-5-21-2960159090-924148967-2076729095-1000
Boot: Normal boot
System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
ProcessorNameString : AMD Phenom(tm) II X4 965 Processor
Identifier : AMD64 Family 16 Model 4 Stepping 3
CoreTemp : -1 Celsius - Max : Celsius
Memory RAM = Total (MB) : 4192 | Free (MB) : 2853
Pagefile = Total (MB) : 8383 | Free (MB) : 6988
Virtual = Total (MB) : 4194 | Free (MB) : 3974

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

¤¤¤¤¤¤¤¤¤¤¤ # Drives
D:\-> [Fixed] | [Documents] | Total : 632.03 Go | Free : 194.43 Go -> NTFS [ATA]
C:\-> [Fixed] | [] | Total : 299.38 Go | Free : 269.54 Go -> NTFS [ATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates
Last detection : 2017-04-30 17:05:32
Downloaded last ones : 2017-04-30 19:58:13
Installed last ones : 2017-04-30 18:40:29
Next search : 2017-05-01 14:11:56
Windows Is Activated

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\ldjaps

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore'
Restore the register (C:\Pre_Scan\Save\Registry [30.04.2017 @ 22_00_18])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 8.0.7601.17514 (© Microsoft Corporation.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

¤¤¤¤¤¤¤¤¤¤ # Security
AV : Malwarebytes Enabled
AS : Windows Defender Enabled
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
884 | [Owner : |Parent : 536] - (.AMD - AMD External Events Service Module.) - (6.14.11.1168) = C:\Windows\System32\atiesrxx.exe
1224 | [Owner : |Parent : 536] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe
1356 | [Owner : Système |Parent : 536] - (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
1404 | [Owner : Système |Parent : 536] - (.Hi-Rez Studios - HiPatchService.) - (5.1.1.0) = C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
1080 | [Owner : SERVICE LOCAL |Parent : 968] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe
2740 | [Owner : Système |Parent : 536] - (.Microsoft Corporation - .NET Runtime Optimization Service.) - (4.0.30319.17929) = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
2772 | [Owner : Système |Parent : 536] - (.Microsoft Corporation - .NET Runtime Optimization Service.) - (4.0.30319.17929) = C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
2824 | [Owner : Système |Parent : 884] - (.AMD - AMD External Events Client Module.) - (6.14.11.1168) = C:\Windows\System32\atieclxx.exe
2912 | [Owner : ldjaps |Parent : 536] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.17514) = C:\Windows\System32\taskhost.exe
2956 | [Owner : ldjaps |Parent : 1012] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
2484 | [Owner : ldjaps |Parent : 2972] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17514) = C:\Windows\explorer.exe
2556 | [Owner : ldjaps |Parent : 2956] - (. - .) - (0.0.0.0) = C:\Windows\DAODx.exe
2396 | [Owner : ldjaps |Parent : 2484] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.482) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1424 | [Owner : ldjaps |Parent : 428] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2588 | [Owner : Système |Parent : 536] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7600.16385) = C:\Windows\System32\SearchIndexer.exe
3112 | [Owner : SERVICE RÉSEAU |Parent : 536] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
3176 | [Owner : ldjaps |Parent : 3052] - (.Google Inc. - Google Crash Handler.) - (1.3.33.5) = C:\Users\ldjaps\AppData\Local\Google\Update\1.3.33.5\GoogleCrashHandler.exe
3288 | [Owner : ldjaps |Parent : 3052] - (.Google Inc. - Google Crash Handler.) - (1.3.33.5) = C:\Users\ldjaps\AppData\Local\Google\Update\1.3.33.5\GoogleCrashHandler64.exe
3560 | [Owner : ldjaps |Parent : 1424] - (.ATI Technologies Inc. - Catalyst Control Center: Host application.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3732 | [Owner : ldjaps |Parent : 1012] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
4752 | [Owner : ldjaps |Parent : 2484] - (.HI-REZ STUDIOS, INC. - HI-REZ Launcher.) - (5.1.1.0) = C:\Program Files (x86)\Hi-Rez Studios\HirezLauncherUI.exe
5064 | [Owner : ldjaps |Parent : 1012] - (.Microsoft Corporation - Windows Update.) - (7.6.7600.320) = C:\Windows\System32\wuauclt.exe
1340 | [Owner : ldjaps |Parent : 536] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.17514) = C:\Windows\System32\taskhost.exe
1772 | [Owner : ldjaps |Parent : 2484] - (.Thorvald Natvig - Mumble - Low-latency VoIP client.) - (1.2.19.0) = C:\Program Files (x86)\Mumble\mumble.exe
4416 | [Owner : ldjaps |Parent : 2484] - (.Google Inc. - Google Chrome.) - (58.0.3029.81) = C:\Users\ldjaps\AppData\Local\Google\Chrome\Application\chrome.exe
4064 | [Owner : ldjaps |Parent : 4416] - (.Google Inc. - Google Chrome.) - (58.0.3029.81) = C:\Users\ldjaps\AppData\Local\Google\Chrome\Application\chrome.exe
4388 | [Owner : ldjaps |Parent : 4416] - (.Google Inc. - Google Chrome.) - (58.0.3029.81) = C:\Users\ldjaps\AppData\Local\Google\Chrome\Application\chrome.exe
4076 | [Owner : ldjaps |Parent : 4416] - (.Google Inc. - Google Chrome.) - (58.0.3029.81) = C:\Users\ldjaps\AppData\Local\Google\Chrome\Application\chrome.exe
4796 | [Owner : ldjaps |Parent : 4416] - (.Google Inc. - Google Chrome.) - (58.0.3029.81) = C:\Users\ldjaps\AppData\Local\Google\Chrome\Application\chrome.exe
1984 | [Owner : ldjaps |Parent : 4416] - (.Google Inc. - Google Chrome.) - (58.0.3029.81) = C:\Users\ldjaps\AppData\Local\Google\Chrome\Application\chrome.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : userinit.exe, -> C:\Windows\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !
¤ Safeboot Minimal Subkeys : O.K !
¤ Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center
Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\Windows\System32\ActionCenter.dll

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : 3 -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2960159090-924148967-2076729095-1000\$I41IGEB.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2960159090-924148967-2076729095-1000\$I9T2PTW.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2960159090-924148967-2076729095-1000\$R41IGEB.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2960159090-924148967-2076729095-1000\$R9T2PTW.exe
Moved to quarantine successfully : D:\Clip.exe
Moved to quarantine successfully : D:\Diaporama.exe
Moved to quarantine successfully : D:\diapo_st_etienne.exe
Moved to quarantine successfully : D:\Manga.exe
Moved to quarantine successfully : D:\PC portable.exe
Moved to quarantine successfully : D:\pdv.exe
Moved to quarantine successfully : D:\perso.exe
Moved to quarantine successfully : D:\Radio.exe
Moved to quarantine successfully : D:\St etienne de cantales 2013.exe

¤¤¤¤¤¤¤¤¤¤ # ADS

Prefetch -> cleaned

D:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive D:] : Hidden : 325 | Restored : 325
~ [Program Files] : Hidden : 2 | Restored : 2
~ [Users] : Hidden : 1 | Restored : 1
~ [Searches] : Hidden : 1 | Restored : 1
~ [Windows] : Hidden : 226 | Restored : 226
~ [AppData] : Hidden : 6 | Restored : 6

¤¤¤¤¤¤¤¤¤¤ # Drives
Disk: 0 Size=954G
Pos MBRndx Type/Name  Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
 0    0    07-NTFS    100M Yes    No          2,048      204,800
 1    1    07-NTFS    307G No     No        206,848  627,849,216
 2    2    0F-EXTEND  647G No     No    628,058,049  325,462,016

End : 22:12:25

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 211