¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_29.02.2015.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 10:34:20 Updated 29/02/2016 | 15.35 by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html [Jean-Marie (Administrator)] - [LFS_ULTRA] SID = S-1-5-21-3331589601-751847041-4288644589-1001 Boot: SafeMode with network System : Windows 8 (64 bits) Core ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics Identifier : AMD64 Family 20 Model 2 Stepping 0 CoreTemp : -1 Celsius - Max : Celsius Memory RAM = Total (MB) : 3748 | Free (MB) : 3165 Pagefile = Total (MB) : 4157 | Free (MB) : 3633 Virtual = Total (MB) : 4194 | Free (MB) : 3964 ¤¤¤¤¤¤¤¤¤¤ # Components of starting up C:\Windows\Setup\Scripts\SetupComplete.cmd ¤¤¤¤¤¤¤¤¤¤¤ # Drives X:\-> [Fixed] | [dt pro7 image catalog] | Total : 112.64 Go | Free : 75.79 Go -> NTFS [USB] W:\-> [Removable] | [STORE N GO] | Total : 57.63 Go | Free : 31.14 Go -> FAT32 [USB] V:\-> [Removable] | [sandisk con] | Total : 119.04 Go | Free : 111.36 Go -> exFAT [USB] U:\-> [Removable] | [boite à meuh - u mortar de cewbé] | Total : 57.66 Go | Free : 32.41 Go -> NTFS [USB] T:\-> [Fixed] | [power2go 11 utilities] | Total : 54.43 Go | Free : 50.32 Go -> NTFS [USB] S:\-> [Fixed] | [lfsultra rebit6pro dtpro7 p2go11] | Total : 297.22 Go | Free : 58.09 Go -> NTFS [USB] R:\-> [Fixed] | [sosvirus, usbfix, bitdefender] | Total : 23.97 Go | Free : 21.12 Go -> NTFS [USB] Q:\-> [Fixed] | [power2go11 setup] | Total : 0.04 Go | Free : 0.03 Go -> NTFS [USB] P:\-> [Fixed] | [reason setup disc] | Total : 0.04 Go | Free : 0 Go -> NTFS [USB] O:\-> [Fixed] | [barrow & ushuaïa] | Total : 249.26 Go | Free : 170.23 Go -> NTFS [USB] N:\-> [Fixed] | [impro-folder m-sand wireless sti] | Total : 38.34 Go | Free : 31.63 Go -> NTFS [USB] M:\-> [Fixed] | [emsisoft & portableapps] | Total : 38.76 Go | Free : 37.73 Go -> NTFS [USB] L:\-> [Fixed] | [copy of P] | Total : 579.59 Go | 
Free : 0.82 Go -> NTFS [USB] K:\-> [Removable] | [BELGE AD-AW] | Total : 0.58 Go | Free : 0.58 Go -> FAT32 [USB] J:\-> [Removable] | [i de l'e-cew'tal a cgu a'suir] | Total : 57.64 Go | Free : 33.06 Go -> NTFS [USB] I:\-> [CDROM] | [Verbatim] | Total : 0.01 Go | Free : 0 Go -> UDF [USB] F:\-> [Removable] | [carbide slim] | Total : 476.71 Go | Free : 160.85 Go -> NTFS [USB] D:\-> [Fixed] | [Recovery Image] | Total : 13.06 Go | Free : 0.38 Go -> NTFS [SATA] C:\-> [Fixed] | [OS] | Total : 916.98 Go | Free : 857.59 Go -> NTFS [SATA] ¤¤¤¤¤¤¤¤¤¤ # Windows updates Next search : 2016-03-06 11:54:14 Microsoft : + Windows 8.1 not installed !!! ¤¤¤¤¤¤¤¤¤¤ # Sessions C:\Windows\system32\config\systemprofile C:\Windows\ServiceProfiles\LocalService C:\Windows\ServiceProfiles\NetworkService C:\Users\Jean-Marie Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [06.03.2016 @ 10_21_22]) To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore ¤¤¤¤¤¤¤¤¤¤ # Browsers IE : 10.0.9200.16384 (© Microsoft Corporation.) ¤¤¤¤¤¤¤¤¤¤ # FlashPlayer ActiveX : 20.0.0.267 ¤¤¤¤¤¤¤¤¤¤ # Security AV : Emsisoft Anti-Malware Disabled AM : Malwarebytes Anti-Malware (2.3.125.0) [] FW : K7TotalSecurity Enabled WMI : OK WU: Windows Update Service [Auto(2)] = stopped AS: Windows Defender [Manual(3)] = stopped FW: Windows FireWall Service [Auto(2)] = Running ¤¤¤¤¤¤¤¤¤¤ # Stopped processes 1064 | [Owner : |Parent : 924] - (.AMD - AMD External Events Service Module.) - (6.14.11.1126) = C:\Windows\System32\atiesrxx.exe 1400 | [Owner : |Parent : 1064] - (.AMD - AMD External Events Client Module.) - (6.14.11.1126) = C:\Windows\System32\atieclxx.exe 1596 | [Owner : |Parent : 924] - (.Emsisoft Ltd - Emsisoft Protection Service.) 
- (10.0.0.5735) = C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe 1948 | [Owner : |Parent : 924] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.2.9200.16384) = C:\Windows\System32\spoolsv.exe 1812 | [Owner : Système |Parent : 924] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe 2112 | [Owner : Système |Parent : 924] - (.COMODO Security Solutions - COMODO COSService.) - (1.0.0.1846) = C:\Program Files\COMODO\COMMON\COSService.exe 2232 | [Owner : Système |Parent : 924] - (.Avanquest Software - MXTask Background Service.) - (10.4.1.2) = C:\PROGRA~2\AVANQU~1\Fix-It\mxtask.exe 2268 | [Owner : SERVICE LOCAL |Parent : 1436] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.2.9200.16384) = C:\Windows\System32\dasHost.exe 2656 | [Owner : Système |Parent : 924] - (.pdfforge GmbH - PDF Architect 4.) - (1.0.0.0) = C:\Program Files\PDF Architect 4\creator-ws.exe 2748 | [Owner : Système |Parent : 924] - (.Rebit, Inc. - Rebit Pro Backup Service.) - (5.1.3001.14505) = C:\Program Files\Rebit\Rebit Pro\Rebit-Pro-Svc.exe 2840 | [Owner : Système |Parent : 924] - (.Reason Software Company Inc. - Reason Core Security Engine Service.) - (1.1.1.0) = C:\Program Files\Reason\Security\rsEngineSvc.exe 2968 | [Owner : Système |Parent : 924] - (.COMODO Security Solutions - COMODO SynchronizationService.) - (1.0.0.1846) = C:\Program Files\COMODO\COMMON\SynchronizationService.exe 240 | [Owner : Système |Parent : 2232] - (.Avanquest Software - MXTask Background User Process.) - (10.3.3.4) = C:\PROGRA~2\AVANQU~1\Fix-It\MXTask2.exe 4844 | [Owner : Jean-Marie |Parent : 924] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.2.9200.16420) = C:\Windows\System32\taskhostex.exe 2180 | [Owner : Jean-Marie |Parent : 1684] - (.Zemana - Zemana Scheduler.) 
- (3.7.0.5) = C:\Program Files\Zemana AntiMalware\zemsched.exe 2784 | [Owner : Jean-Marie |Parent : 4980] - (.Microsoft Corporation - Explorateur Windows.) - (6.2.9200.16384) = C:\Windows\explorer.exe 4996 | [Owner : Jean-Marie |Parent : 388] - (.Microsoft Corporation - Communications Service.) - (16.4.4206.722) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe 1000 | [Owner : Jean-Marie |Parent : 388] - (.Microsoft Corporation - Runtime Broker.) - (6.2.9200.16384) = C:\Windows\System32\RuntimeBroker.exe 1140 | [Owner : Jean-Marie |Parent : 2784] - (. - .) - (0.0.0.0) = C:\Users\Jean-Marie\AppData\Roaming\Dashlane\Dashlane.exe 4880 | [Owner : Jean-Marie |Parent : 1140] - (. - .) - (0.0.0.0) = C:\Users\JEAN-M~1\AppData\Roaming\Dashlane\DashlanePlugin.exe 4860 | [Owner : Jean-Marie |Parent : 2784] - (.Malwarebytes - Malwarebytes Anti-Ransomware.) - (1.0.0.135) = C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe 5496 | [Owner : Jean-Marie |Parent : 4696] - (.Emsisoft Ltd - Emsisoft Real-Time Protection.) - (10.0.0.5735) = C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe 5736 | [Owner : Système |Parent : 924] - (.Sunbelt Software - Sunbelt Software Anti Malware Service.) - (3.1.2850.0) = C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe 5552 | [Owner : Système |Parent : 4544] - (.Panda Security - USB Vaccine.) - (1.0.1.16) = C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe 4936 | [Owner : Jean-Marie |Parent : 5304] - (.Piriform Ltd - CCleaner.) - (5.9.0.5343) = C:\Program Files\CCleaner\CCleaner64.exe 2860 | [Owner : Jean-Marie |Parent : 388] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.2.9200.16384) = C:\Windows\System32\wbem\unsecapp.exe 5420 | [Owner : SERVICE LOCAL |Parent : 924] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) 
- (6.2.9200.16420) = C:\Windows\System32\taskhost.exe 1388 | [Owner : Jean-Marie |Parent : 924] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.2.9200.16420) = C:\Windows\System32\taskhost.exe 5524 | [Owner : Jean-Marie |Parent : 2784] - (.Auslogics - BoostSpeed.) - (8.2.0.0) = C:\Program Files (x86)\Auslogics\BoostSpeed\BoostSpeed.exe 1964 | [Owner : SERVICE LOCAL |Parent : 1436] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe 5884 | [Owner : Jean-Marie |Parent : 5524] - (.Auslogics - Frame Applet Proxy.) - (1.0.0.0) = C:\Program Files (x86)\Auslogics\BoostSpeed\FrameAppletProxy.exe 4700 | [Owner : Jean-Marie |Parent : 5524] - (.Auslogics - Frame Applet Proxy.) - (1.0.0.0) = C:\Program Files (x86)\Auslogics\BoostSpeed\FrameAppletProxy.exe 5304 | [Owner : Jean-Marie |Parent : 2784] - (.SosVirus - QuickDiag.) - (3.3.2016.2) = C:\Users\Jean-Marie\Desktop\quickdiag_2_03.03.2016.2.exe 2876 | [Owner : Système |Parent : 2840] - (.Reason Software Company Inc. - Reason Security Engine Helper.) - (1.1.1.0) = C:\Program Files\Reason\Security\rsEngineHelper.exe 4084 | [Owner : Système |Parent : 2876] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.2.9200.16384) = C:\Windows\System32\conhost.exe 3452 | [Owner : Système |Parent : 2840] - (.Reason Software Company Inc. - Reason Security Engine Helper.) - (1.1.1.0) = C:\Program Files\Reason\Security\rsEngineHelper.exe 5244 | [Owner : Système |Parent : 3452] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.2.9200.16384) = C:\Windows\System32\conhost.exe 6120 | [Owner : Système |Parent : 2840] - (.Reason Software Company Inc. - Reason Security Engine Helper.) - (1.1.1.0) = C:\Program Files\Reason\Security\rsEngineHelper.exe 3492 | [Owner : Système |Parent : 6120] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) 
- (6.2.9200.16384) = C:\Windows\System32\conhost.exe 4576 | [Owner : Jean-Marie |Parent : 5304] - (.Microsoft Corporation - Interpréteur de commandes Windows.) - (6.2.9200.16384) = C:\Windows\System32\cmd.exe 5312 | [Owner : Jean-Marie |Parent : 4576] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.2.9200.16384) = C:\Windows\System32\conhost.exe 1116 | [Owner : |Parent : 796] - (.AMD - AMD External Events Service Module.) - (6.14.11.1126) = C:\Windows\System32\atiesrxx.exe 1416 | [Owner : |Parent : 1116] - (.AMD - AMD External Events Client Module.) - (6.14.11.1126) = C:\Windows\System32\atieclxx.exe 1604 | [Owner : |Parent : 796] - (.Emsisoft Ltd - Emsisoft Protection Service.) - (10.0.0.5735) = C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe 1976 | [Owner : |Parent : 796] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.2.9200.16384) = C:\Windows\System32\spoolsv.exe 1836 | [Owner : Système |Parent : 796] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe 2088 | [Owner : Système |Parent : 796] - (.COMODO Security Solutions - COMODO COSService.) - (1.0.0.1846) = C:\Program Files\COMODO\COMMON\COSService.exe 2176 | [Owner : Système |Parent : 796] - (.Avanquest Software - MXTask Background Service.) - (10.4.1.2) = C:\PROGRA~2\AVANQU~1\Fix-It\mxtask.exe 2192 | [Owner : SERVICE LOCAL |Parent : 1456] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.2.9200.16384) = C:\Windows\System32\dasHost.exe 2404 | [Owner : Système |Parent : 796] - (.Malwarebytes - MBAM Service.) - (3.0.0.511) = C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe 2664 | [Owner : Système |Parent : 796] - (.pdfforge GmbH - PDF Architect 4.) - (1.0.0.0) = C:\Program Files\PDF Architect 4\creator-ws.exe 2764 | [Owner : Système |Parent : 796] - (.Rebit, Inc. - Rebit Pro Backup Service.) 
- (5.1.3001.14505) = C:\Program Files\Rebit\Rebit Pro\Rebit-Pro-Svc.exe 2812 | [Owner : Système |Parent : 796] - (.Reason Software Company Inc. - Reason Core Security Engine Service.) - (1.1.1.0) = C:\Program Files\Reason\Security\rsEngineSvc.exe 2924 | [Owner : Système |Parent : 796] - (.COMODO Security Solutions - COMODO SynchronizationService.) - (1.0.0.1846) = C:\Program Files\COMODO\COMMON\SynchronizationService.exe 3636 | [Owner : SERVICE LOCAL |Parent : 1456] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe 4364 | [Owner : Système |Parent : 796] - (.Microsoft Corporation - Installateur Windows®.) - (5.0.9200.16384) = C:\Windows\System32\msiexec.exe 4936 | [Owner : Jean-Marie |Parent : 796] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.2.9200.16420) = C:\Windows\System32\taskhostex.exe 5024 | [Owner : Système |Parent : 2176] - (.Avanquest Software - MXTask Background User Process.) - (10.3.3.4) = C:\PROGRA~2\AVANQU~1\Fix-It\MXTask2.exe 5104 | [Owner : Jean-Marie |Parent : 5008] - (.Microsoft Corporation - Explorateur Windows.) - (6.2.9200.16384) = C:\Windows\explorer.exe 4248 | [Owner : Jean-Marie |Parent : 1732] - (.Zemana - Zemana Scheduler.) - (3.7.0.5) = C:\Program Files\Zemana AntiMalware\zemsched.exe 4544 | [Owner : Jean-Marie |Parent : 956] - (.Microsoft Corporation - Communications Service.) - (16.4.4206.722) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe 1276 | [Owner : Jean-Marie |Parent : 956] - (.Microsoft Corporation - Runtime Broker.) - (6.2.9200.16384) = C:\Windows\System32\RuntimeBroker.exe 4576 | [Owner : Jean-Marie |Parent : 5104] - (. - .) - (0.0.0.0) = C:\Users\Jean-Marie\AppData\Roaming\Dashlane\Dashlane.exe 3984 | [Owner : Jean-Marie |Parent : 5104] - (. - .) 
- (0.0.0.0) = C:\Users\Jean-Marie\AppData\Roaming\Dashlane\DashlanePlugin.exe 248 | [Owner : Jean-Marie |Parent : 5104] - (.Malwarebytes - Malwarebytes Anti-Ransomware.) - (1.0.0.135) = C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe 5192 | [Owner : Jean-Marie |Parent : 1248] - (.Emsisoft Ltd - Emsisoft Real-Time Protection.) - (10.0.0.5735) = C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe 5132 | [Owner : Système |Parent : 4944] - (.Panda Security - USB Vaccine.) - (1.0.1.16) = C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe 5228 | [Owner : Jean-Marie |Parent : 5124] - (.Piriform Ltd - CCleaner.) - (5.9.0.5343) = C:\Program Files\CCleaner\CCleaner64.exe 4280 | [Owner : Jean-Marie |Parent : 956] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.2.9200.16384) = C:\Windows\System32\wbem\unsecapp.exe 1800 | [Owner : Système |Parent : 796] - (.Sunbelt Software - Sunbelt Software Anti Malware Service.) - (3.1.2850.0) = C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe 2804 | [Owner : Système |Parent : 2812] - (.Reason Software Company Inc. - Reason Security Engine Helper.) - (1.1.1.0) = C:\Program Files\Reason\Security\rsEngineHelper.exe 4492 | [Owner : Système |Parent : 2804] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.2.9200.16384) = C:\Windows\System32\conhost.exe 5360 | [Owner : Système |Parent : 2812] - (.Reason Software Company Inc. - Reason Security Engine Helper.) - (1.1.1.0) = C:\Program Files\Reason\Security\rsEngineHelper.exe 1240 | [Owner : Système |Parent : 5360] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.2.9200.16384) = C:\Windows\System32\conhost.exe 3788 | [Owner : Système |Parent : 2812] - (.Reason Software Company Inc. - Reason Security Engine Helper.) - (1.1.1.0) = C:\Program Files\Reason\Security\rsEngineHelper.exe 2852 | [Owner : Système |Parent : 3788] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) 
- (6.2.9200.16384) = C:\Windows\System32\conhost.exe 2312 | [Owner : Système |Parent : 2812] - (.Reason Software Company Inc. - Reason Security Engine Helper.) - (1.1.1.0) = C:\Program Files\Reason\Security\rsEngineHelper.exe 4220 | [Owner : Système |Parent : 2312] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.2.9200.16384) = C:\Windows\System32\conhost.exe 4988 | [Owner : Système |Parent : 2812] - (.Reason Software Company Inc. - Reason Security Engine Helper.) - (1.1.1.0) = C:\Program Files\Reason\Security\rsEngineHelper.exe 6116 | [Owner : Système |Parent : 4988] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.2.9200.16384) = C:\Windows\System32\conhost.exe 1876 | [Owner : Système |Parent : 2812] - (.Reason Software Company Inc. - Reason Security Engine Helper.) - (1.1.1.0) = C:\Program Files\Reason\Security\rsEngineHelper.exe 6024 | [Owner : Système |Parent : 1876] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.2.9200.16384) = C:\Windows\System32\conhost.exe 4992 | [Owner : Système |Parent : 2812] - (.Reason Software Company Inc. - Reason Security Engine Helper.) - (1.1.1.0) = C:\Program Files\Reason\Security\rsEngineHelper.exe 4324 | [Owner : Système |Parent : 4992] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.2.9200.16384) = C:\Windows\System32\conhost.exe 5152 | [Owner : Système |Parent : 2812] - (.Reason Software Company Inc. - Reason Security Engine Helper.) - (1.1.1.0) = C:\Program Files\Reason\Security\rsEngineHelper.exe 4252 | [Owner : Système |Parent : 5152] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (6.2.9200.16384) = C:\Windows\System32\conhost.exe 3556 | [Owner : Système |Parent : 2812] - (.Reason Software Company Inc. - Reason Security Engine Helper.) - (1.1.1.0) = C:\Program Files\Reason\Security\rsEngineHelper.exe 1756 | [Owner : Système |Parent : 3556] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) 
- (6.2.9200.16384) = C:\Windows\System32\conhost.exe 1124 | [Owner : |Parent : 792] - (.AMD - AMD External Events Service Module.) - (6.14.11.1126) = C:\Windows\System32\atiesrxx.exe 1392 | [Owner : |Parent : 1124] - (.AMD - AMD External Events Client Module.) - (6.14.11.1126) = C:\Windows\System32\atieclxx.exe 1636 | [Owner : |Parent : 792] - (.Emsisoft Ltd - Emsisoft Protection Service.) - (10.0.0.5735) = C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe 1968 | [Owner : |Parent : 792] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.2.9200.16384) = C:\Windows\System32\spoolsv.exe 1832 | [Owner : Système |Parent : 792] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\Ashampoo\Ashampoo Core Tuner 2\ACT2Service.exe 1860 | [Owner : Système |Parent : 792] - (.COMODO Security Solutions - COMODO COSService.) - (1.0.0.1846) = C:\Program Files\COMODO\COMMON\COSService.exe 2104 | [Owner : Système |Parent : 792] - (.Avanquest Software - MXTask Background Service.) - (10.4.1.2) = C:\PROGRA~2\AVANQU~1\Fix-It\mxtask.exe 2128 | [Owner : SERVICE LOCAL |Parent : 1448] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.2.9200.16384) = C:\Windows\System32\dasHost.exe 2272 | [Owner : Système |Parent : 792] - (.Malwarebytes - MBAM Service.) - (3.0.0.511) = C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe 2452 | [Owner : Système |Parent : 792] - (.pdfforge GmbH - PDF Architect 4.) - (1.0.0.0) = C:\Program Files\PDF Architect 4\creator-ws.exe 2516 | [Owner : Système |Parent : 792] - (.Rebit, Inc. - Rebit Pro Backup Service.) - (5.1.3001.14505) = C:\Program Files\Rebit\Rebit Pro\Rebit-Pro-Svc.exe 2564 | [Owner : Système |Parent : 792] - (.Reason Software Company Inc. - Reason Core Security Engine Service.) - (1.1.1.0) = C:\Program Files\Reason\Security\rsEngineSvc.exe 2712 | [Owner : Système |Parent : 792] - (.COMODO Security Solutions - COMODO SynchronizationService.) 
- (1.0.0.1846) = C:\Program Files\COMODO\COMMON\SynchronizationService.exe 2732 | [Owner : Système |Parent : 792] - (.Sunbelt Software - Sunbelt Software Anti Malware Service.) - (3.1.2850.0) = C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe 2640 | [Owner : Jean-Marie |Parent : 792] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.2.9200.16420) = C:\Windows\System32\taskhostex.exe 1508 | [Owner : Système |Parent : 2104] - (.Avanquest Software - MXTask Background User Process.) - (10.3.3.4) = C:\PROGRA~2\AVANQU~1\Fix-It\MXTask2.exe 936 | [Owner : Jean-Marie |Parent : 1732] - (.Zemana - Zemana Scheduler.) - (3.7.0.5) = C:\Program Files\Zemana AntiMalware\zemsched.exe 1412 | [Owner : Jean-Marie |Parent : 4340] - (.Microsoft Corporation - Explorateur Windows.) - (6.2.9200.16384) = C:\Windows\explorer.exe 3172 | [Owner : Jean-Marie |Parent : 964] - (.Microsoft Corporation - Communications Service.) - (16.4.4206.722) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe 3236 | [Owner : Jean-Marie |Parent : 964] - (.Microsoft Corporation - Runtime Broker.) - (6.2.9200.16384) = C:\Windows\System32\RuntimeBroker.exe 4760 | [Owner : Jean-Marie |Parent : 1412] - (. - .) - (0.0.0.0) = C:\Users\Jean-Marie\AppData\Roaming\Dashlane\Dashlane.exe 1556 | [Owner : Jean-Marie |Parent : 1412] - (.Malwarebytes - Malwarebytes Anti-Ransomware.) - (1.0.0.135) = C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe 5108 | [Owner : Jean-Marie |Parent : 4684] - (.Emsisoft Ltd - Emsisoft Real-Time Protection.) - (10.0.0.5735) = C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe 6076 | [Owner : Système |Parent : 3600] - (.Panda Security - USB Vaccine.) - (1.0.1.16) = C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe 48 | [Owner : Jean-Marie |Parent : 3940] - (.Piriform Ltd - CCleaner.) 
- (5.9.0.5343) = C:\Program Files\CCleaner\CCleaner64.exe 5168 | [Owner : Jean-Marie |Parent : 964] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.2.9200.16384) = C:\Windows\System32\wbem\unsecapp.exe 5336 | [Owner : SERVICE LOCAL |Parent : 792] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.2.9200.16420) = C:\Windows\System32\taskhost.exe 6512 | [Owner : Jean-Marie |Parent : 964] - (.Microsoft Corporation - Explorateur Windows.) - (6.2.9200.16384) = C:\Windows\explorer.exe 7796 | [Owner : Jean-Marie |Parent : 6512] - (. - .) - (12.0.0.0) = V:\Download\RogueKillerX64_beta.exe 8056 | [Owner : Jean-Marie |Parent : 792] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.2.9200.16420) = C:\Windows\System32\taskhost.exe 7848 | [Owner : Système |Parent : 2244] - (.K7 Computing Pvt Ltd - K7 TLM Module.) - (12.0.0.9) = C:\Program Files (x86)\K7 Computing\K7TSecurity\K7Tlmtry.exe 7924 | [Owner : Jean-Marie |Parent : 4760] - (. - .) - (0.0.0.0) = C:\Users\JEAN-M~1\AppData\Roaming\Dashlane\DashlanePlugin.exe 1376 | [Owner : Jean-Marie |Parent : 1368] - (.Microsoft Corporation - Explorateur Windows.) - (6.2.9200.16384) = C:\Windows\explorer.exe 1408 | [Owner : Jean-Marie |Parent : 1376] - (.Microsoft Corporation - Chargeur CTF.) - (6.2.9200.16384) = C:\Windows\System32\ctfmon.exe 1216 | [Owner : Jean-Marie |Parent : 1196] - (.Flexera Software, Inc. - InstallShield (R) 64-bit Setup Engine.) - (17.0.0.714) = C:\Users\JEAN-M~1\AppData\Local\Temp\{B9EC003C-F0C4-44BD-B548-652A39CEC992}\ISBEW64.exe 1372 | [Owner : |Parent : 728] - (.Sunbelt Software - Sunbelt Software Anti Malware Service.) 
- (3.1.2850.0) = C:\Program Files (x86)\Common Files\AntiVirus\SBAMSvc.exe ¤¤¤¤¤¤¤¤¤¤ # Winlogon user ¤¤¤¤¤¤¤¤¤¤ # Winlogon machine Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : userinit.exe, -> C:\Windows\SYSWOW64\userinit.exe, ¤¤¤¤¤¤¤¤¤¤ # SafeBoot Safeboot Keys are O.K Alternate shell is OK ! Repaired : [HKLM | Minimal\BasicDisplay.sys] : Driver -> Service Repaired : [HKLM | Minimal\BasicRender.sys] : Driver -> Service Repaired : [HKLM | Minimal\dxgkrnl.sys] : Driver -> Service Repaired : [HKLM | Minimal\FsDepends.sys] : Driver -> Service ¤¤¤¤¤¤¤¤¤¤ # IFEO ¤¤¤¤¤¤¤¤¤¤ # Mountpoints2 Content of W:\AUTORUN.INF : Content of K:\AUTORUN.INF : ¤¤¤¤¤¤¤¤¤¤ # Windows [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]~[] : @SYS:DoesNotExist [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon ¤¤¤¤¤¤¤¤¤¤ # Security center ¤¤¤¤¤¤¤¤¤¤ # Services Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Iphlpsvc]~[Start] : 4 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2 Repaired : 
[HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 0 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 4 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 4 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 4 -> 2 ¤¤¤¤¤¤¤¤¤¤ # Internet Explorer ¤¤¤¤¤¤¤¤¤¤ # reparsepoint ¤¤¤¤¤¤¤¤¤¤ # Offsets ¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry Deleted : HKLM\Software\WOW6432Node\tenoras Deleted : [HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]~[AvanquestMainUI] : C:\Program Files (x86)\Avanquest\Fix-It\Fix-It.exe Deleted : [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]~[K7TSStart] : C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSecurity.exe Moved to quarantine successfully : C:\Users\Jean-Marie\AppData\Local\Temprad4A637.tmp Moved to quarantine successfully : C:\Users\Jean-Marie\AppData\Local\TempradB6904.tmp Moved to quarantine successfully : V:\pctrans(3).exe Moved to quarantine successfully : V:\pctrans.exe Moved to quarantine successfully : V:\RepairDNS.exe Moved to quarantine successfully : V:\adsfix_3_27.02.2016.1.exe Moved to quarantine successfully : V:\Turbo_View_Convert_setup_131.exe Moved to quarantine successfully : V:\IDriveWinSetup.exe Moved to quarantine successfully : V:\IDriveWinSetup-1.exe Moved to quarantine successfully : V:\Turbo_View_Convert_setup_131-1.exe Moved to quarantine successfully : V:\filmora_resource.exe Moved to quarantine successfully : V:\filmora_setup_full846.exe Moved to quarantine successfully : V:\filmora_setup_full846(2).exe Moved to 
quarantine successfully : V:\filmora-romantic-effect-pack.exe Moved to quarantine successfully : V:\filmora_setup_full846(3).exe Moved to quarantine successfully : V:\PDF_Architect_4_Installer.exe Moved to quarantine successfully : V:\sd5-setup-beta.exe Moved to quarantine successfully : V:\free-youtube-downloader_setup_full1378.exe Moved to quarantine successfully : V:\setup-eng-ts.exe Moved to quarantine successfully : V:\disk-defrag-pro-setup.exe Moved to quarantine successfully : V:\setup-eng-ts_1.exe Moved to quarantine successfully : V:\adsfix_3_26.02.2016.1.exe Moved to quarantine successfully : V:\boost-speed-setup.exe Moved to quarantine successfully : V:\winsockfix.exe Moved to quarantine successfully : V:\pctrans(2).exe Moved to quarantine successfully : V:\delfix_1.011(3).exe Moved to quarantine successfully : V:\tenorshare-card-data-recovery-trial.exe Moved to quarantine successfully : V:\tenorshare-fix-genius-trial.exe Moved to quarantine successfully : V:\tenorshare-partition-manager-full.exe Moved to quarantine successfully : U:\USB-to-Cloud.exe Moved to quarantine successfully : R:\60Second_en_us.exe Moved to quarantine successfully : R:\60Second_x64.exe Moved to quarantine successfully : R:\BDAntiCryptoWallSetup.exe Moved to quarantine successfully : R:\BDPUARLauncher.exe Moved to quarantine successfully : R:\BDPUARLauncher_FR.exe Moved to quarantine successfully : R:\BDUSBImmunizerLauncher(1).exe Moved to quarantine successfully : R:\BDUSBImmunizerLauncher.exe Moved to quarantine successfully : R:\BootkitRemoval_x64.exe Moved to quarantine successfully : R:\MKV.exe Moved to quarantine successfully : N:\disk-defrag-pro-setup.exe Moved to quarantine successfully : N:\FileMarker.NET_Pro.exe Moved to quarantine successfully : M:\Start Commandline Scanner.exe Moved to quarantine successfully : M:\Start Emergency Kit Scanner.exe Moved to quarantine successfully : L:\60Second_en_us.exe Moved to quarantine successfully : L:\60Second_x64.exe Moved to 
quarantine successfully : L:\64bit_Win7_Win8_Win81_Win10_R279.exe Moved to quarantine successfully : L:\action_1_30_0_setup.exe Moved to quarantine successfully : L:\ADD12_trial_fr-FR.exe Moved to quarantine successfully : L:\adksetup.exe Moved to quarantine successfully : L:\advanced-systemcare-free_9-1-0-1090_fr_403234.exe Moved to quarantine successfully : L:\AstroburnLite180-0183.exe Moved to quarantine successfully : L:\AstroburnPro320-0198.exe Moved to quarantine successfully : L:\BDAntiCryptoWallSetup.exe Moved to quarantine successfully : L:\BDPUARLauncher.exe Moved to quarantine successfully : L:\BDPUARLauncher_FR.exe Moved to quarantine successfully : L:\BDUSBImmunizerLauncher(1).exe Moved to quarantine successfully : L:\BDUSBImmunizerLauncher.exe Moved to quarantine successfully : L:\BeeIcSet.exe Moved to quarantine successfully : L:\BootkitRemoval_x64.exe Moved to quarantine successfully : L:\BR_2014_free_fr_x64.exe Moved to quarantine successfully : L:\CCEnhancer-4.4.exe Moved to quarantine successfully : L:\ciscomplete_installer.exe Moved to quarantine successfully : L:\CreezvotresiteInternet2.exe Moved to quarantine successfully : L:\data-recovery_setup_full935.exe Moved to quarantine successfully : L:\DriveSecurity-Installer.exe Moved to quarantine successfully : L:\DriveSecurity.exe Moved to quarantine successfully : L:\DriveSecurityPortable_1.0.paf.exe Moved to quarantine successfully : L:\DSInstall.exe Moved to quarantine successfully : L:\DTPro700-0555p.exe Moved to quarantine successfully : L:\EmsisoftEmergencyKit.exe Moved to quarantine successfully : L:\epm.exe Moved to quarantine successfully : L:\fantashow_full1215.exe Moved to quarantine successfully : L:\file-recovery-setup.exe Moved to quarantine successfully : L:\filmora_setup_full1084.exe Moved to quarantine successfully : L:\Fix_It_Utilities_14_Essentials_14.0.22.2_FRA(1).exe Moved to quarantine successfully : L:\Fix_It_Utilities_14_Essentials_14.0.22.2_FRA(2).exe Moved to quarantine 
successfully : L:\Fix_It_Utilities_14_Essentials_14.0.22.2_FRA(3).exe Moved to quarantine successfully : L:\Fix_It_Utilities_14_Essentials_14.0.22.2_FRA.exe Moved to quarantine successfully : L:\gup5setup.exe Moved to quarantine successfully : L:\hmpalert-test.exe Moved to quarantine successfully : L:\hmpalert3.exe Moved to quarantine successfully : L:\hmpalert64-test.exe Moved to quarantine successfully : L:\imfv4-setup-rc.exe Moved to quarantine successfully : L:\installboost(1).exe Moved to quarantine successfully : L:\installboost.exe Moved to quarantine successfully : L:\MBARW_Setup.exe Moved to quarantine successfully : L:\MiroConverterSetup.exe Moved to quarantine successfully : L:\mirrorgo_full1949.exe Moved to quarantine successfully : L:\MKV.exe Moved to quarantine successfully : L:\Onekey.exe Moved to quarantine successfully : L:\OUTDATEfighter_Web.exe Moved to quarantine successfully : L:\PAssist_Std.exe Moved to quarantine successfully : L:\PDF_Architect_4_Installer.exe Moved to quarantine successfully : L:\player_full1476.exe Moved to quarantine successfully : L:\pm14free_x64_fr.exe Moved to quarantine successfully : L:\remote_action_pc_1_0_2_setup.exe Moved to quarantine successfully : L:\sd5-setup-beta.exe Moved to quarantine successfully : L:\SecurelyFileShredder_Setup.exe Moved to quarantine successfully : L:\setup.exe Moved to quarantine successfully : L:\ShouldIRemoveIt_Setup.exe Moved to quarantine successfully : L:\sm8-setup.exe Moved to quarantine successfully : L:\spywareblastersetup54.exe Moved to quarantine successfully : L:\unchecky_setup.exe Moved to quarantine successfully : L:\USB-to-Cloud.exe Moved to quarantine successfully : L:\WiseCare365_v4_beta.exe Moved to quarantine successfully : J:\DriveSecurity.exe Moved to quarantine successfully : J:\ESD-MLX5-CodecPack-EN.exe Moved to quarantine successfully : F:\7z.exe Moved to quarantine successfully : F:\DriveSecurity.exe Moved to quarantine successfully : F:\Start Commandline 
Scanner.exe Moved to quarantine successfully : F:\Start Emergency Kit Scanner.exe Moved to quarantine successfully : F:\USB-to-Cloud.exe Moved to quarantine successfully : F:\7z.dll Moved to quarantine successfully : C:\Users\Jean-Marie\AppData\Roaming\WebApp ¤¤¤¤¤¤¤¤¤¤ # ADS Prefetch -> cleaned D:\ : Vaccinated (Vaccin created by Pre_Scan) M:\ : Impossible to vaccinate N:\ : Impossible to vaccinate O:\ : Impossible to vaccinate P:\ : Impossible to vaccinate R:\ : Impossible to vaccinate S:\ : Impossible to vaccinate T:\ : Impossible to vaccinate V:\ : Vaccinated (Vaccin created by Pre_Scan) X:\ : Impossible to vaccinate ¤¤¤¤¤¤¤¤¤¤ | Hidden files ~ [Drive D:] : Hidden : 12 | Restored : 12 ~ [Drive F:] : Hidden : 18 | Restored : 18 ~ [Drive J:] : Hidden : 1 | Restored : 1 ~ [Drive L:] : Hidden : 2873 | Restored : 2873 ~ [Drive M:] : Hidden : 1 | Restored : 1 ~ [Drive N:] : Hidden : 5 | Restored : 5 ~ [Drive O:] : Hidden : 1 | Restored : 1 ~ [Drive P:] : Hidden : 1 | Restored : 1 ~ [Drive R:] : Hidden : 2 | Restored : 2 ~ [Drive S:] : Hidden : 563 | Restored : 563 ~ [Drive T:] : Hidden : 533 | Restored : 533 ~ [Drive W:] : Hidden : 3 | Restored : 3 ~ [Drive X:] : Hidden : 1 | Restored : 1 ~ [Drive C:] : Hidden : 9 | Restored : 9 ~ [Program Files] : Hidden : 9 | Restored : 9 ~ [Users] : Hidden : 2 | Restored : 2 ~ [Pictures] : Hidden : 1 | Restored : 1 ~ [Documents] : Hidden : 6 | Restored : 6 ~ [Searches] : Hidden : 2 | Restored : 2 ~ [Windows] : Hidden : 25 | Restored : 23 ~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1 ~ [AppData] : Hidden : 137 | Restored : 137 ¤¤¤¤¤¤¤¤¤¤ # Drives Disk: 0 Size=954G Pos MBRndx Type/Name Size Active Hide Start Sector Sectors --- ------ ---------- ---- ------ ---- ------------ ------------ 0 0 EE-UNKNWN 21.0T No No 1 294,967,295 ¤¤¤¤¤¤¤¤¤¤ Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1 Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows 
NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1 End : 12:20:12 ¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤