¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_16.10.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 00:27:58 11/19/2017
Updated 16/10/2017 | 14.45 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[LFS Hyper (Administrator)] - [YOUCAM8WAIT]
SID = S-1-5-21-4183021106-2149456055-877251859-1003
Boot: SafeMode with network
System : Windows 7 Starter (32 bits) Starter Service Pack 1
ProcessorNameString : Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Identifier : x86 Family 6 Model 28 Stepping 10
CoreTemp : 51 Celsius - Max : 100 Celsius
Memory RAM = Total (MB) : 1037 | Free (MB) : 623
Pagefile = Total (MB) : 2086 | Free (MB) : 1758
Virtual = Total (MB) : 2097 | Free (MB) : 1935

¤¤¤¤¤¤¤¤¤¤ # Components of starting up
C:\Windows\Setup\Scripts\SetupComplete.cmd

¤¤¤¤¤¤¤¤¤¤¤ # Drives
X:\-> [Fixed] | [SYSTEM & ANDROID] | Total : 4.1 Go | Free : 1.64 Go -> NTFS [ATA]
P:\-> [Fixed] | [ZALMAN] | Total : 931.47 Go | Free : 913.08 Go -> NTFS [USB]
I:\-> [Removable] | [FOLD-ISARDU] | Total : 14.9 Go | Free : 12.16 Go -> FAT32 [USB]
H:\-> [Removable] | [] | Total : 30.03 Go | Free : 3.11 Go -> NTFS [USB]
G:\-> [Removable] | [AUDIO PLAYE] | Total : 59.47 Go | Free : 56.4 Go -> exFAT [USB]
F:\-> [Removable] | [UBUNTU MATE] | Total : 14.42 Go | Free : 0.73 Go -> FAT32 [USB]
E:\-> [CDROM] | [SFR] | Total : 0.07 Go | Free : 0 Go -> CDFS [USB]
D:\-> [Fixed] | [] | Total : 50.18 Go | Free : 18.26 Go -> NTFS [ATA]
C:\-> [Fixed] | [Acer] | Total : 160.88 Go | Free : 123.09 Go -> NTFS [ATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates
Last detection : 2016-12-20 00:55:28
Downloaded last ones : 2016-12-21 15:45:07
Installed last ones : 2017-02-04 12:34:33
Next search : 2017-11-18 15:27:29

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\widen-finalis
C:\Users\Acronis Agent User
C:\Users\LFS Hyper

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [19.11.2017 @ 00_19_30])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.9600.17840 (© Microsoft Corporation.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 10.1.82.76

¤¤¤¤¤¤¤¤¤¤ # Security
AV : COMODO Antivirus Enabled
AS : Windows Defender Disabled
FW : COMODO Firewall Enabled
WMI : OK
WU: Windows Update Service [Auto(2)] = stopped
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
2336 | [Owner : datwin-bordo |Parent : 2536] - (.Zemana Ltd. - ZAM.) - (0.0.0.0) = C:\Program Files\Zemana AntiMalware\ZAM.exe
5472 | [Owner : Système |Parent : 636] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7600.16385) = C:\Windows\System32\SearchIndexer.exe
2384 | [Owner : datwin-bordo |Parent : 612] - (.Microsoft Corporation - Gestionnaire des tâches de Windows.) - (6.1.7600.16385) = C:\Windows\System32\taskmgr.exe
1728 | [Owner : datwin-bordo |Parent : 3496] - (.SosVirus - Process Killer.) - (1.0.0.3) = C:\Users\datwin-bordo\Desktop\processclose_1.0.0.3.exe
1828 | [Owner : Système |Parent : 636] - (.SUPERAntiSpyware.com - Core Service.) - (6.0.0.1080) = C:\Program Files\SUPERAntiSpyware\SASCore.exe
3748 | [Owner : SERVICE LOCAL |Parent : 988] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (6.1.7600.16385) = C:\Windows\System32\WUDFHost.exe
2672 | [Owner : Système |Parent : 5472] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7600.16385) = C:\Windows\System32\SearchProtocolHost.exe
4260 | [Owner : Système |Parent : 5472] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7600.16385) = C:\Windows\System32\SearchFilterHost.exe
4828 | [Owner : datwin-bordo |Parent : 2552] - (.Zemana Ltd. - ZAM.) - (0.0.0.0) = C:\Program Files\Zemana AntiMalware\ZAM.exe
2592 | [Owner : Système |Parent : 664] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7600.16385) = C:\Windows\System32\SearchIndexer.exe
5052 | [Owner : Système |Parent : 664] - (.SUPERAntiSpyware.com - Core Service.) - (6.0.0.1080) = C:\Program Files\SUPERAntiSpyware\SASCore.exe
5196 | [Owner : datwin-bordo |Parent : 788] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe
888 | [Owner : SERVICE LOCAL |Parent : 1012] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (6.1.7600.16385) = C:\Windows\System32\WUDFHost.exe
5136 | [Owner : Système |Parent : 664] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7600.16385) = C:\Windows\System32\spoolsv.exe
1132 | [Owner : Système |Parent : 664] - (.Microsoft Corporation - Service de disque virtuel.) - (6.1.7600.16385) = C:\Windows\System32\vds.exe
5856 | [Owner : datwin-bordo |Parent : 2580] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7600.16450) = C:\Windows\explorer.exe
4376 | [Owner : datwin-bordo |Parent : 788] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7600.16450) = C:\Windows\explorer.exe
3720 | [Owner : datwin-bordo |Parent : 664] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7600.16385) = C:\Windows\System32\taskhost.exe
3032 | [Owner : LFS Hyper |Parent : 4032] - (. - UsbFix.) - (9.0.0.1) = C:\Users\LFS Hyper\AppData\Roaming\UsbFix\UsbFix.exe
2152 | [Owner : LFS Hyper |Parent : 3032] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.17514) = C:\Windows\explorer.exe
3188 | [Owner : LFS Hyper |Parent : 2152] - (.Microsoft Corporation - Chargeur CTF.) - (6.1.7600.16385) = C:\Windows\System32\ctfmon.exe
2104 | [Owner : LFS Hyper |Parent : 2152] - (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.17840) = C:\Program Files\Internet Explorer\iexplore.exe
2968 | [Owner : LFS Hyper |Parent : 2104] - (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.17840) = C:\Program Files\Internet Explorer\iexplore.exe
1824 | [Owner : LFS Hyper |Parent : 2152] - (.Microsoft Corporation - Gestionnaire des tâches de Windows.) - (6.1.7601.17514) = C:\Windows\System32\taskmgr.exe
2144 | [Owner : LFS Hyper |Parent : 3692] - (.SFR - Installeur du Gestionnaire de Connexion 3.1.67.1229 .) - (3.1.67.1229) = E:\FxFull_Setup_Gestionnaire_Connexion_SFR.exe
3884 | [Owner : LFS Hyper |Parent : 2144] - (. - Setup/Uninstall.) - (51.50.0.0) = C:\Users\LFS Hyper\AppData\Local\Temp\is-L9MPQ.tmp\FxFull_Setup_Gestionnaire_Connexion_SFR.tmp

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !
Safeboot Minimal Subkeys : O.K !
Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2
Content of F:\autorun.inf :

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center
Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\Windows\System32\ActionCenter.dll

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Deleted : HKLM\Software\utililab
Will be moved in quarantine at reboot : C:\Windows\Tasks\UTILILAB SystemOPTIMIZER.job -> C:\Program Files\UTILILAB\SystemOPTIMIZER\USO.exe
Moved to quarantine successfully : C:\Windows\Tasks\AdvancedDriverUpdaterRunAtStartup.job
Moved to quarantine successfully : C:\Windows\Tasks\DriverUPDATER.job
Moved to quarantine successfully : C:\Windows\Tasks\UTILILABDriverUPDATERRunAtStartup.job
Moved to quarantine successfully : C:\Uninstall.exe
Moved to quarantine successfully : C:\Updater.exe
Moved to quarantine successfully : D:\AutoSaveEssentials_trial.exe
Moved to quarantine successfully : D:\FIDO_NEW_AQFR.exe
Moved to quarantine successfully : D:\fr-logomaker4-web-trial.exe
Moved to quarantine successfully : D:\InstallVoodooShield.exe
Moved to quarantine successfully : D:\mirror_go_setup_full1906.exe
Moved to quarantine successfully : D:\pdf2html_demo_FR.exe
Moved to quarantine successfully : D:\RegistryFirstAid_AQFR.exe
Moved to quarantine successfully : D:\MBR.dat
Moved to quarantine successfully : \BOOTSECT.BAK
Moved to quarantine successfully : \config.sys
Moved to quarantine successfully : \IO.SYS
Moved to quarantine successfully : \lci.lci
Moved to quarantine successfully : \logRegScan.log
Moved to quarantine successfully : \MSDOS.SYS
Moved to quarantine successfully : \prefs.js
Moved to quarantine successfully : \Reflect_Install.log
Moved to quarantine successfully : \RHDSetup.log
Moved to quarantine successfully : \system_excludes
Will be moved in quarantine at reboot : C:\ProgramData\SharewareOnSale Notifier

¤¤¤¤¤¤¤¤¤¤ # ADS
Prefetch -> cleaned
F:\ : Impossible to vaccinate

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive Z:] : Hidden : 8 | Restored : 8
~ [Drive C:] : Hidden : 1 | Restored : 1
~ [Program Files] : Hidden : 10 | Restored : 10
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 3 | Restored : 3
~ [Windows] : Hidden : 82 | Restored : 82
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 176 | Restored : 176

End : 02:04:13
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤