¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_14.03.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 10:35:54 Updated 14/03/2016 | 05.45 by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html [Jean-Marie (Administrator)] - [LFS_ULTRA] SID = S-1-5-21-548406213-3309102694-2939433529-1001 Boot: SafeMode with network System : Windows 10 Home (64 bits) Core ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics Identifier : AMD64 Family 20 Model 2 Stepping 0 CoreTemp : -1 Celsius - Max : Celsius Memory RAM = Total (MB) : 3748 | Free (MB) : 2814 Pagefile = Total (MB) : 5189 | Free (MB) : 4413 Virtual = Total (MB) : 4194 | Free (MB) : 3960 ¤¤¤¤¤¤¤¤¤¤ # Components of starting up ¤¤¤¤¤¤¤¤¤¤¤ # Drives O:\-> [Removable] | [riverboats] | Total : 57.66 Go | Free : 57.22 Go -> NTFS [USB] L:\-> [Removable] | [STYLO ESPIO] | Total : 3.69 Go | Free : 3.17 Go -> FAT32 [USB] K:\-> [Removable] | [] | Total : 1.83 Go | Free : 0 Go -> FAT [USB] J:\-> [Removable] | [sandisk con] | Total : 119.04 Go | Free : 112.64 Go -> exFAT [USB] I:\-> [Fixed] | [my disk] | Total : 931.48 Go | Free : 480.12 Go -> NTFS [USB] G:\-> [CDROM] | [roguekiller&webc] | Total : 0.79 Go | Free : 0 Go -> UDF [SATA] F:\-> [Removable] | [carbide slim] | Total : 476.71 Go | Free : 123.96 Go -> NTFS [USB] D:\-> [Fixed] | [Recovery Image] | Total : 13.06 Go | Free : 1.6 Go -> NTFS [SATA] C:\-> [Fixed] | [OS] | Total : 916.54 Go | Free : 866.73 Go -> NTFS [SATA] ¤¤¤¤¤¤¤¤¤¤ # Windows updates No detected update !!! 
Microsoft : + ¤¤¤¤¤¤¤¤¤¤ # Sessions C:\WINDOWS\system32\config\systemprofile C:\WINDOWS\ServiceProfiles\LocalService C:\WINDOWS\ServiceProfiles\NetworkService C:\Users\Jean-Marie C:\Users\_ashbackuppb_ C:\Users\_ashbackup_ Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [26.03.2016 @ 10_33_32]) To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore ¤¤¤¤¤¤¤¤¤¤ # Browsers IE : 11.0.10586.20 (© Microsoft Corporation.) FF : 45.0.1.5918 (©Firefox and Mozilla Developers; available under the MPL 2 license.) GC : 49.0.2623.108 (Copyright 2015 Google Inc.) ¤¤¤¤¤¤¤¤¤¤ # FlashPlayer ActiveX : 21.0.0.182 ¤¤¤¤¤¤¤¤¤¤ # Security AV : ZoneAlarm Antivirus Enabled AS : Windows Defender Disabled FW : ZoneAlarm Firewall Enabled WMI : OK WU: Windows Update Service [Manual(3)] = stopped AS: Windows Defender [Manual(3)] = stopped FW: Windows FireWall Service [Auto(2)] = Running ¤¤¤¤¤¤¤¤¤¤ # Stopped processes 1248 | [Owner : |Parent : 724] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe 1392 | [Owner : |Parent : 1248] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe 1772 | [Owner : |Parent : 724] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.48) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe 1860 | [Owner : |Parent : 1772] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.159) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 2284 | [Owner : |Parent : 724] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.10586.122) = C:\Windows\System32\spoolsv.exe 2684 | [Owner : Système |Parent : 724] - (.ABBYY Production LLC - ABBYY network license server.)
- (3.4.1.36) = C:\Program Files (x86)\ABBYY PDF Transformer+\NetworkLicenseServer.exe 2696 | [Owner : Système |Parent : 724] - (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe 2704 | [Owner : Système |Parent : 724] - (.Acronis - Acronis Scheduler 2.) - (1.0.0.384) = C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe 2736 | [Owner : Système |Parent : 724] - (.Microsoft Corp. - Bing Desktop updating service.) - (1.4.167.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe 2764 | [Owner : Système |Parent : 724] - (.ArcticLine Software - FileMarker.NET Apply Icon Service.) - (1.0.1.0) = C:\Program Files (x86)\FileMarker.NET\FileMarkerService.exe 3228 | [Owner : SERVICE LOCAL |Parent : 1152] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.10586.0) = C:\Windows\System32\dasHost.exe 3252 | [Owner : Aucun |Parent : 724] - (. - .) - (0.0.0.0) = C:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\backupService-abpb.exe 3260 | [Owner : Aucun |Parent : 724] - (. - .) - (0.0.0.0) = C:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\backupService-ab.exe 3992 | [Owner : Jean-Marie |Parent : 892] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10586.0) = C:\Windows\System32\sihost.exe 4012 | [Owner : Aucun |Parent : 3260] - (. - .) - (0.0.0.0) = C:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\oxHelper.exe 1624 | [Owner : Jean-Marie |Parent : 892] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.10586.0) = C:\Windows\System32\taskhostw.exe 3268 | [Owner : Jean-Marie |Parent : 876] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10586.0) = C:\Windows\System32\RuntimeBroker.exe 4268 | [Owner : Jean-Marie |Parent : 4244] - (.Microsoft Corporation - Explorateur Windows.) 
- (10.0.10586.104) = C:\Windows\explorer.exe 4832 | [Owner : Jean-Marie |Parent : 4268] - (.IvoSoft - Classic Start Menu.) - (4.2.5.0) = C:\Program Files\Classic Shell\ClassicStartMenu.exe 5084 | [Owner : LogonSessionId_0_321692 |Parent : 724] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.10586.0) = C:\Windows\System32\SearchIndexer.exe 3848 | [Owner : Jean-Marie |Parent : 876] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.10586.63) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 5672 | [Owner : Jean-Marie |Parent : 724] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe 1068 | [Owner : Jean-Marie |Parent : 4268] - (.Acronis - Acronis Scheduler Helper.) - (1.0.0.384) = C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe 1972 | [Owner : Jean-Marie |Parent : 4268] - (. - .) - (0.0.0.0) = C:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\backupClient-ab.exe 3272 | [Owner : Jean-Marie |Parent : 1972] - (. - .) - (0.0.0.0) = C:\Program Files\Ashampoo\Ashampoo Backup 2016\bin\oxHelper.exe 5384 | [Owner : Système |Parent : 752] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.10586.162) = C:\Windows\System32\fontdrvhost.exe 1932 | [Owner : Jean-Marie |Parent : 4268] - (. - .) - (0.0.0.0) = C:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\backupClient-abpb.exe 5548 | [Owner : Jean-Marie |Parent : 1932] - (. - .) - (0.0.0.0) = C:\Program Files\Ashampoo\Ashampoo Backup Pro 10\bin\oxHelper.exe 5556 | [Owner : Jean-Marie |Parent : 4268] - (.Acebyte - Acebyte Utilities.) - (1.0.0.1) = C:\Program Files (x86)\Acebyte\Acebyte Utilities 3\AcebyteTray.exe 5440 | [Owner : Jean-Marie |Parent : 4268] - (.Orbiscom Ltd. - ECBL Client.) - (2.2.7.0) = C:\Program Files (x86)\e-Carte Bleue LCL\ecbl-lcl.exe 2808 | [Owner : Jean-Marie |Parent : 4268] - (.Secunia - Secunia PSI Tray.) 
- (3.0.0.11005) = C:\Program Files (x86)\Secunia\PSI\psi_tray.exe 4712 | [Owner : Jean-Marie |Parent : 2824] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 3300 | [Owner : Jean-Marie |Parent : 5576] - (.iSkySoft - iSkySoft Studio.) - (2.3.5.0) = C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe 1836 | [Owner : Jean-Marie |Parent : 5576] - (.Wondershare - Wondershare Studio.) - (2.3.0.1) = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe 6352 | [Owner : Jean-Marie |Parent : 4712] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Host application.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 1184 | [Owner : Système |Parent : 724] - (.Secunia - Secunia PSI Agent.) - (3.0.0.11005) = C:\Program Files (x86)\Secunia\PSI\psia.exe 796 | [Owner : Jean-Marie |Parent : 876] - (.Microsoft Corporation - InstallAgent.) - (10.0.10586.122) = C:\Windows\System32\InstallAgent.exe 7360 | [Owner : LogonSessionId_0_956643 |Parent : 724] - (.Microsoft Corporation - Service de cliché instantané de volumes Microsoft®.) - (10.0.10586.0) = C:\Windows\System32\VSSVC.exe 6288 | [Owner : Jean-Marie |Parent : 876] - (.Microsoft Corporation - Application Frame Host.) - (10.0.10586.0) = C:\Windows\System32\ApplicationFrameHost.exe 804 | [Owner : Jean-Marie |Parent : 876] - (. - .) - (10.0.0.355) = C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe 7164 | [Owner : Jean-Marie |Parent : 4268] - (.SPAMfighter ApS - OUTDATEfighter product.) - (1.1.91.1) = C:\Program Files (x86)\Fighters\OUTDATEfighter\OUTDATEfighter.exe 4484 | [Owner : Jean-Marie |Parent : 7164] - (.SPAMfighter ApS - OUTDATEfighter product.) 
- (1.1.91.1) = C:\Program Files (x86)\Fighters\OUTDATEfighter\OUTDATEfighter.exe 2368 | [Owner : Jean-Marie |Parent : 892] - (.Microsoft Corporation - Windows Update.) - (10.0.10586.17) = C:\Windows\System32\wuauclt.exe 944 | [Owner : Jean-Marie |Parent : 2368] - (.Microsoft Corporation - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030.) - (11.0.61030.0) = C:\Windows\SoftwareDistribution\Download\Install\vcredist_x64.exe 7088 | [Owner : Jean-Marie |Parent : 944] - (.Microsoft Corporation - Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030.) - (11.0.61030.0) = C:\Windows\SoftwareDistribution\Download\Install\vcredist_x64.exe 6440 | [Owner : Jean-Marie |Parent : 4268] - (.Mozilla Corporation - Firefox.) - (45.0.1.5918) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe 256 | [Owner : Jean-Marie |Parent : 876] - (.Microsoft Corporation - Paramètres.) - (10.0.10586.11) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe 3068 | [Owner : Jean-Marie |Parent : 876] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.10586.122) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 7212 | [Owner : SERVICE LOCAL |Parent : 1060] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.9.10586.0) = C:\Program Files\Windows Defender\MpCmdRun.exe 2660 | [Owner : SERVICE LOCAL |Parent : 7212] - (.Microsoft Corporation - Console Window Host.) - (10.0.10586.0) = C:\Windows\System32\conhost.exe 2336 | [Owner : |Parent : 724] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.9.10586.0) = C:\Program Files\Windows Defender\MsMpEng.exe 1972 | [Owner : Jean-Marie |Parent : 432] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10586.0) = C:\Windows\System32\sihost.exe 1264 | [Owner : Jean-Marie |Parent : 1140] - (.Microsoft Corporation - Explorateur Windows.) 
- (10.0.10586.104) = C:\Windows\explorer.exe 1716 | [Owner : Jean-Marie |Parent : 1264] - (.IvoSoft - Classic Start Menu.) - (4.2.5.0) = C:\Program Files\Classic Shell\ClassicStartMenu.exe 504 | [Owner : Jean-Marie |Parent : 1264] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.10586.0) = C:\Windows\System32\ctfmon.exe 2264 | [Owner : Jean-Marie |Parent : 756] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10586.0) = C:\Windows\System32\RuntimeBroker.exe 2312 | [Owner : Jean-Marie |Parent : 756] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.10586.63) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 2752 | [Owner : Jean-Marie |Parent : 756] - (.Microsoft Corporation - Aide et support Microsoft.) - (10.0.10586.0) = C:\Windows\HelpPane.exe 2840 | [Owner : Jean-Marie |Parent : 756] - (.Microsoft Corporation - Application Frame Host.) - (10.0.10586.0) = C:\Windows\System32\ApplicationFrameHost.exe 1204 | [Owner : Jean-Marie |Parent : 756] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.10586.122) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe ¤¤¤¤¤¤¤¤¤¤ # Winlogon user ¤¤¤¤¤¤¤¤¤¤ # Winlogon machine Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : -> C:\WINDOWS\SYSWOW64\userinit.exe, ¤¤¤¤¤¤¤¤¤¤ # SafeBoot Safeboot Keys are O.K Alternate shell is OK ! 
¤¤¤¤¤¤¤¤¤¤ # IFEO ¤¤¤¤¤¤¤¤¤¤ # Mountpoints2 ¤¤¤¤¤¤¤¤¤¤ # Windows [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon ¤¤¤¤¤¤¤¤¤¤ # Security center Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]~[EnableFirewall] : 0 -> 1 Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]~[EnableFirewall] : 0 -> 1 Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]~[EnableFirewall] : 0 -> 1 ¤¤¤¤¤¤¤¤¤¤ # Services Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 0 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 3 -> 2 Repaired :
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2 ¤¤¤¤¤¤¤¤¤¤ # Internet Explorer ¤¤¤¤¤¤¤¤¤¤ # reparsepoint ¤¤¤¤¤¤¤¤¤¤ # Offsets ¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry Deleted : HKU\S-1-5-21-548406213-3309102694-2939433529-1001\Software\freeware Moved to quarantine successfully : C:\Windows.old\WINDOWS\WinSxS\FileMaps\$$_syswow64_recovery_359f81e4d381fca3.cdf-ms Moved to quarantine successfully : C:\Windows.old\WINDOWS\WinSxS\FileMaps\$$_system32_recovery_f87e94e0816fb86b.cdf-ms Moved to quarantine successfully : C:\Windows\WinSxS\FileMaps\$$_syswow64_recovery_359f81e4d381fca3.cdf-ms Moved to quarantine successfully : C:\Windows\WinSxS\FileMaps\$$_system32_recovery_f87e94e0816fb86b.cdf-ms Moved to quarantine successfully : C:\Program Files (x86)\Paragon Software\NTFS-HFS Converter\program\resource\ui\exchange_recovery_selectsource.ui Moved to quarantine successfully : C:\Program Files (x86)\Paragon Software\NTFS-HFS Converter\program\resource\ui\exchange_recovery_options.ui Moved to quarantine successfully : C:\Program Files (x86)\Paragon Software\NTFS-HFS Converter\program\resource\ui\exchange_recovery_console.ui Moved to quarantine successfully : C:\Program Files (x86)\Paragon Software\NTFS-HFS Converter\program\resource\img\exchange_recovery_large.png Moved to quarantine successfully : C:\Program Files\Paragon Software\Partition Manager 14 Free\program\resource\ui\exchange_recovery_selectsource.ui Moved to quarantine successfully : C:\Program Files\Paragon Software\Partition Manager 14 Free\program\resource\ui\exchange_recovery_options.ui Moved to quarantine successfully : C:\Program Files\Paragon Software\Partition Manager 14 
Free\program\resource\ui\exchange_recovery_console.ui Moved to quarantine successfully : C:\Program Files\Paragon Software\Partition Manager 14 Free\program\resource\img\exchange_recovery_large.png Moved to quarantine successfully : C:\Program Files\Paragon Software\Backup and Recovery 14 Free\program\resource\ui\exchange_recovery_selectsource.ui Moved to quarantine successfully : C:\Program Files\Paragon Software\Backup and Recovery 14 Free\program\resource\ui\exchange_recovery_options.ui Moved to quarantine successfully : C:\Program Files\Paragon Software\Backup and Recovery 14 Free\program\resource\ui\exchange_recovery_console.ui Moved to quarantine successfully : C:\Program Files\Paragon Software\Backup and Recovery 14 Free\program\resource\img\exchange_recovery_large.png Moved to quarantine successfully : C:\$Windows.~BT\NewOS\Windows\WinSxS\Temp\PendingRenames\95ec08d0ae86d1015a95000014014807.$$_system32_recovery_f87e94e0816fb86b.cdf-ms Moved to quarantine successfully : C:\$Windows.~BT\NewOS\Windows\WinSxS\Temp\PendingRenames\94b248ceae86d1013593000014014807.$$_syswow64_recovery_359f81e4d381fca3.cdf-ms Moved to quarantine successfully : C:\$Windows.~BT\NewOS\Windows\WinSxS\FileMaps\$$_syswow64_recovery_359f81e4d381fca3.cdf-ms Moved to quarantine successfully : C:\$Windows.~BT\NewOS\Windows\WinSxS\FileMaps\$$_system32_recovery_f87e94e0816fb86b.cdf-ms Deleted : [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]~[iSkysoft Helper Compact.exe] : C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe Deleted : [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]~[Wondershare Helper Compact.exe] : C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe Moved to quarantine successfully : J:\TotalSystemCare-Setup.exe Moved to quarantine successfully : J:\recall.exe Moved to quarantine successfully : J:\pctrans_trial.exe Moved to quarantine successfully : I:\Adware_Prevention.exe 
Moved to quarantine successfully : I:\clipgrab-3.5.6.exe Moved to quarantine successfully : I:\DAEMONToolsUltra410-0489_paid.exe Moved to quarantine successfully : I:\delfix_1.012(2).exe Moved to quarantine successfully : I:\delfix_1.012.exe Moved to quarantine successfully : I:\DTLiteInstaller.exe Moved to quarantine successfully : I:\filmora-romantic-effect-pack.exe Moved to quarantine successfully : I:\pctrans_trial.exe Moved to quarantine successfully : I:\recall.exe Moved to quarantine successfully : I:\TotalSystemCare-Setup.exe Moved to quarantine successfully : I:\watermark-software.exe Moved to quarantine successfully : I:\WMOSetup.exe Moved to quarantine successfully : F:\ADD12_trial_fr-FR.exe Moved to quarantine successfully : F:\br14-free_eng.exe Moved to quarantine successfully : F:\clipgrab-3.5.6.exe Moved to quarantine successfully : F:\DAEMONToolsUltra410-0489_paid.exe Moved to quarantine successfully : F:\DTLiteInstaller.exe Moved to quarantine successfully : F:\filmora-romantic-effect-pack.exe Moved to quarantine successfully : F:\isobuster_install.exe Moved to quarantine successfully : F:\isotousb_setup.exe Moved to quarantine successfully : F:\OUTDATEfighter_Web.exe Moved to quarantine successfully : F:\pctrans.exe Moved to quarantine successfully : F:\pctrans_trial.exe Moved to quarantine successfully : F:\pm14free_x64_fr.exe Moved to quarantine successfully : F:\PSISetup.exe Moved to quarantine successfully : F:\pwfree91.exe Moved to quarantine successfully : F:\Start Commandline Scanner.exe Moved to quarantine successfully : F:\Start Emergency Kit Scanner.exe Moved to quarantine successfully : F:\USBGuardSetup.exe Moved to quarantine successfully : F:\watermark-software.exe Moved to quarantine successfully : F:\WMOSetup.exe ¤¤¤¤¤¤¤¤¤¤ # ADS Prefetch -> cleaned D:\ : Vaccinated (Vaccin created by Pre_Scan) F:\ : Impossible to vaccinate I:\ : Vaccinated (Vaccin created by Pre_Scan) J:\ : Vaccinated (Vaccin created by Pre_Scan) L:\ : Vaccinated 
(Vaccin created by Pre_Scan) O:\ : Vaccinated (Vaccin created by Pre_Scan) ¤¤¤¤¤¤¤¤¤¤ | Hidden files ~ [Drive D:] : Hidden : 22 | Restored : 22 ~ [Drive I:] : Hidden : 23 | Restored : 23 ~ [Drive K:] : Hidden : 1 | Restored : 1 ~ [Drive C:] : Hidden : 7 | Restored : 7 ~ [Program Files] : Hidden : 4 | Restored : 4 ~ [Users] : Hidden : 2 | Restored : 2 ~ [Documents] : Hidden : 6 | Restored : 6 ~ [Searches] : Hidden : 2 | Restored : 2 ~ [Windows] : Hidden : 54 | Restored : 52 ~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1 ~ [AppData] : Hidden : 135 | Restored : 135 ¤¤¤¤¤¤¤¤¤¤ # Drives Disk: 0 Size=954G Pos MBRndx Type/Name Size Active Hide Start Sector Sectors --- ------ ---------- ---- ------ ---- ------------ ------------ 0 0 EE-UNKNWN 21.0T No No 1 294,967,295 ¤¤¤¤¤¤¤¤¤¤ Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1 Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1 End : 12:14:16 ¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤