¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_16.10.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 10:32:38 05/19/2018

Updated 16/10/2017 | 14.45 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[Production (Administrator)] - [PRODUCTION-PC]
SID = S-1-5-21-874831253-672425623-4064217238-1000
Boot: Normal boot
System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1
ProcessorNameString : AMD Athlon(tm) II X2 220 Processor
Identifier : AMD64 Family 16 Model 6 Stepping 3
CoreTemp : -1 Celsius - Max : Celsius
Memory RAM = Total (MB) : 4194 | Free (MB) : 2492
Pagefile = Total (MB) : 8385 | Free (MB) : 6361
Virtual = Total (MB) : 4194 | Free (MB) : 3978

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

C:\Windows\Setup\Scripts\MOD01SET5O000N0002.enc
C:\Windows\Setup\Scripts\MonitorAuto_x64.exe
C:\Windows\Setup\Scripts\OOBE.CMD
C:\Windows\Setup\Scripts\SetupComplete.cmd
C:\Windows\Setup\Scripts\useralaunch.cmd

¤¤¤¤¤¤¤¤¤¤¤ # Drives

D:\-> [Fixed] | [Data] | Total : 223.07 Go | Free : 0.74 Go -> NTFS [ATA]
C:\-> [Fixed] | [Acer] | Total : 223.06 Go | Free : 104.39 Go -> NTFS [ATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates

Last detection : 2018-05-18 15:00:30
Downloaded last ones : 2018-05-19 00:24:36
Installed last ones : 2018-05-19 01:55:01
Next search : 2018-05-19 11:11:00
Windows Is Activated

¤¤¤¤¤¤¤¤¤¤ # Sessions

C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\Production
C:\Users\Fedo

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [19.05.2018 @ 10_30_47])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers

IE : 11.0.9600.19003 (© Microsoft Corporation.)
GC : 66.0.3359.181 (Copyright 2017 Google Inc.)
¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

ActiveX : 10.2.153.1

¤¤¤¤¤¤¤¤¤¤ # Security

AV : Kaspersky Total Security Enabled
AS : Windows Defender Enabled
FW : Kaspersky Total Security Enabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes

480 | [Owner : |Parent : 756] - (.AMD - AMD External Events Service Module.) - (6.14.11.1111) = C:\Windows\System32\atiesrxx.exe
1508 | [Owner : |Parent : 756] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7601.24000) = C:\Windows\System32\spoolsv.exe
1632 | [Owner : Système |Parent : 756] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.26.5200) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1772 | [Owner : Système |Parent : 756] - (.Adobe Systems Incorporated - Adobe Update Service.) - (4.4.1.298) = C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
1804 | [Owner : Système |Parent : 756] - (.Adobe Systems, Incorporated - Adobe Genuine Software Integrity Service.) - (4.5.0.814) = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
1940 | [Owner : Système |Parent : 756] - (. - app_filter Module.) - (2.2.0.465) = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
1968 | [Owner : Système |Parent : 756] - (.Acer Incorporated - Global Registration Service.) - (1.0.0.1) = C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
2016 | [Owner : Système |Parent : 756] - (.Acer Incorporated - Updater Service.) - (1.2.3005.0) = C:\Program Files\Acer\Acer Updater\UpdaterService.exe
1296 | [Owner : Système |Parent : 756] - (.Nitro PDF Software - Nitro PDF Spool Service.) - (7.0.0.1) = C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
1664 | [Owner : Système |Parent : 756] - (. - .) - (0.0.0.0) = C:\Program Files\Nitro\Pro 9\Nitro_UpdateService.exe
1688 | [Owner : Système |Parent : 756] - (.Nalpeiron Ltd. - This service enables products that use the Nalpeiron Licensing System .) - (7.3.4.0) = C:\Windows\SysWOW64\NLSSRV32.EXE
1740 | [Owner : Système |Parent : 756] - (.Symantec Corporation - Norton Online Backup Service.) - (2.1.17869.0) = C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
2072 | [Owner : Système |Parent : 756] - (.Microsoft Corporation - Microsoft SeaPort Search Enhancement Broker.) - (3.1.158.0) = C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
2140 | [Owner : Système |Parent : 756] - (.LULU Software - Soda PDF.) - (1.0.0.0) = C:\Program Files\Soda PDF Desktop\creator\common\creator-ws.exe
2168 | [Owner : Système |Parent : 756] - (.LULU Software Limited - Messenger service.) - (9.0.8.33982) = C:\Program Files (x86)\Soda PDF Desktop Manager\Soda PDF Desktop\Soda Manager.exe
2212 | [Owner : Système |Parent : 756] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4225.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2248 | [Owner : Système |Parent : 756] - (. - NVIDIA Corporation.) - (2.2.0.7316) = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
2424 | [Owner : Système |Parent : 2212] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4225.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2392 | [Owner : SERVICE LOCAL |Parent : 940] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe
3608 | [Owner : Système |Parent : 480] - (.AMD - AMD External Events Client Module.) - (6.14.11.1111) = C:\Windows\System32\atieclxx.exe
1792 | [Owner : Système |Parent : 940] - (.Microsoft Corporation - Composant de saisie tactile ou avec stylet Microsoft.) - (6.1.7601.23971) = C:\Windows\System32\wisptis.exe
2468 | [Owner : Système |Parent : 756] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (18.0.0.405) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
1980 | [Owner : Système |Parent : 756] - (.Nero AG - NeroUpdate.) - (1.0.18.0) = C:\Program Files (x86)\Nero\Update\NASvc.exe
4296 | [Owner : SERVICE RÉSEAU |Parent : 756] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
4464 | [Owner : Système |Parent : 756] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7601.23930) = C:\Windows\System32\SearchIndexer.exe
1140 | [Owner : Production |Parent : 756] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe
3804 | [Owner : Production |Parent : 1120] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe
4608 | [Owner : Production |Parent : 940] - (.Microsoft Corporation - Composant de saisie tactile ou avec stylet Microsoft.) - (6.1.7601.23971) = C:\Windows\System32\wisptis.exe
6476 | [Owner : Production |Parent : 940] - (.Microsoft Corporation - Tablet PC Input Panel Accessory.) - (6.1.7601.18984) = C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
3416 | [Owner : Production |Parent : 6472] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7601.23537) = C:\Windows\explorer.exe
4360 | [Owner : Système |Parent : 4464] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.23930) = C:\Windows\System32\SearchProtocolHost.exe
5964 | [Owner : Production |Parent : 2468] - (.AO Kaspersky Lab - Kaspersky Secure Connection.) - (18.0.0.405) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
1852 | [Owner : Production |Parent : 3416] - (.Acer Corp. - Acer Touch Portal Button Monitor.) - (1.0.0.6) = C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe
5324 | [Owner : Production |Parent : 3416] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.593) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
5888 | [Owner : Production |Parent : 3416] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.48) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
7128 | [Owner : Production |Parent : 924] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) = C:\Windows\System32\wbem\unsecapp.exe
6236 | [Owner : Production |Parent : 6004] - (. - THIDTray.) - (3.0.3003.0) = C:\Program Files (x86)\Acer\Acer TouchPortal\THIDTray.exe
2648 | [Owner : Production |Parent : 3804] - (.CyberLink Corp. - clear.fi Resident Program.) - (4.0.7229.0) = C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
6304 | [Owner : Production |Parent : 5764] - (.CyberLink - YouCam Mirage.) - (1.0.0.629) = C:\Program Files (x86)\Acer\Acer TouchPortal\YouCam\YCMMirage.exe
1704 | [Owner : Production |Parent : 2280] - (.Piriform Ltd - CCleaner.) - (5.35.0.6210) = C:\Program Files\CCleaner\CCleaner64.exe
7044 | [Owner : Production |Parent : 3416] - (.Egis Technology Inc. - EgisUpdate Release Application.) - (1.1.36.0) = C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
5144 | [Owner : Production |Parent : 5764] - (.CyberLink Corp. - CyberLink YouCam Tray.) - (4.0.1118.13622) = C:\Program Files (x86)\Acer\Acer TouchPortal\YouCam\YouCamTray.exe
6648 | [Owner : Production |Parent : 3416] - (.Microsoft Corporation - Serveur de personnalisation d’entrée.) - (6.1.7600.16385) = C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
6360 | [Owner : Production |Parent : 5764] - (.Egis Technology Inc. - SuiteTray.) - (4.0.14.11) = C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe
5300 | [Owner : Production |Parent : 5764] - (.Egis Technology Inc. - PMM Update Application.) - (1.1.36.0) = C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
4540 | [Owner : Production |Parent : 3416] - (.Google Inc. - Google Chrome.) - (66.0.3359.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
6208 | [Owner : Production |Parent : 4540] - (.Google Inc. - Google Chrome.) - (66.0.3359.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
3452 | [Owner : Production |Parent : 3804] - (.CyberLink - DMREngine.) - (1.2.0.4221) = C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\DMREngine.exe
5348 | [Owner : Production |Parent : 5764] - (.CyberLink Corp. - clear.fi Movie Resident Program.) - (9.0.8031.0) = C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
5820 | [Owner : Production |Parent : 5764] - (. - Hotkey Utility.) - (2.5.3014.0) = C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
1828 | [Owner : Production |Parent : 5764] - (.Adobe Systems Incorporated - Adobe Creative Cloud.) - (4.4.1.298) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
5720 | [Owner : Production |Parent : 5764] - (.Adobe Systems Inc. - AcroTray.) - (18.11.20040.19174) = C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\acrotray.exe
4700 | [Owner : Production |Parent : 5764] - (.CANON INC. - Canon IJ Network Scanner Selector EX.) - (1.5.2.216) = C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
6964 | [Owner : Production |Parent : 4540] - (.Google Inc. - Google Chrome.) - (66.0.3359.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
6132 | [Owner : Production |Parent : 1828] - (.Adobe Systems Incorporated - Adobe IPC Broker.) - (5.4.0.57) = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
6308 | [Owner : Production |Parent : 4540] - (.Google Inc. - Google Chrome.) - (66.0.3359.181) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
6572 | [Owner : Production |Parent : 2648] - (.CyberLink - CLMSService.) - (2.0.0.4217) = C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLMSService.exe
3976 | [Owner : Production |Parent : 1828] - (.Adobe Systems Incorporated - Creative Cloud.) - (4.4.1.298) = C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
3252 | [Owner : Production |Parent : 1828] - (.Adobe Systems Incorporated - Adobe CEF Helper.) - (4.4.1.298) = C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
1492 | [Owner : Production |Parent : 3976] - (. - Core Sync.) - (2.4.6.82) = C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
1008 | [Owner : Production |Parent : 3976] - (.Adobe Systems Incorporated - CCXProcess.) - (2.1.1.450) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
3520 | [Owner : Production |Parent : 1008] - (.Node.js - Node.js: Server-side JavaScript.) - (6.9.2.0) = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
6316 | [Owner : Production |Parent : 720] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.1.7601.24117) = C:\Windows\System32\conhost.exe
4408 | [Owner : Production |Parent : 1828] - (.Adobe Systems Incorporated - Adobe CEF Helper.) - (4.4.1.298) = C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
8088 | [Owner : Production |Parent : 1120] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7601.17514) = C:\Windows\System32\taskeng.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : userinit.exe -> C:\Windows\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot

Safeboot Keys are O.K
Alternate shell is OK !
Safeboot Minimal Subkeys : O.K !
Safeboot Network Subkeys : O.K !
¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

¤¤¤¤¤¤¤¤¤¤ # Windows

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\Windows\System32\ActionCenter.dll

¤¤¤¤¤¤¤¤¤¤ # Services

Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : 3 -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry

Deleted : HKU\S-1-5-21-874831253-672425623-4064217238-1000\Software\4kdownload.com
Deleted : HKU\S-1-5-21-874831253-672425623-4064217238-1000\Software\cooliris
Moved to quarantine successfully : D:\drfone-for-ios_full1283.exe
Moved to quarantine successfully : D:\GetDataBack Simple.exe
Moved to quarantine successfully : C:\msdia80.dll
Moved to quarantine successfully : D:\593F510.tmp
Moved to quarantine successfully : D:\63xDDAC.tmp
Moved to quarantine successfully : D:\9kwDB44.tmp
Moved to quarantine successfully : D:\d8xDE69.tmp
Moved to quarantine successfully : D:\kDD4D.tmp
Moved to quarantine successfully : D:\mso5A2B.tmp
Moved to quarantine successfully : D:\qc3F56E.tmp
Moved to quarantine successfully : D:\r6xDE0A.tmp
Moved to quarantine successfully : D:\xtxDC7F.tmp

¤¤¤¤¤¤¤¤¤¤ # ADS

Prefetch -> cleaned

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive Z:] : Hidden : 227 | Restored : 227
~ [Drive C:] : Hidden : 3 | Restored : 3
~ [Program Files] : Hidden : 127 | Restored : 126
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 4 | Restored : 4
~ [Desktop] : Hidden : 3 | Restored : 3
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 47 | Restored : 47
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 64 | Restored : 64

End : 10:52:41

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 248