¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_27.04.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤
- Start 14:43:53
Updated 27/04/2016 | 10.10 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html
[Jean-Marie (Administrator)] - [LFSU_P2GO11]
SID = S-1-5-21-1122366093-1039002218-667696633-1001
Boot: Normal boot
System : Windows 10 Home (64 bits) Core
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius
Memory RAM = Total (MB) : 3748 | Free (MB) : 2719
Pagefile = Total (MB) : 4157 | Free (MB) : 3039
Virtual = Total (MB) : 4194 | Free (MB) : 3969
¤¤¤¤¤¤¤¤¤¤ # Components of starting up
¤¤¤¤¤¤¤¤¤¤¤ # Drives
I:\-> [Fixed] | [my disk] | Total : 931.48 Go | Free : 58.47 Go -> NTFS [USB]
H:\-> [CDROM] | [Christian-S Win8.1 X64] | Total : 0.59 Go | Free : 0 Go -> UDF [USB]
G:\-> [Removable] | [] | Total : 30.02 Go | Free : 4.95 Go -> FAT32 [USB]
F:\-> [CDROM] | [Disc] | Total : 0.51 Go | Free : 0 Go -> CDFS [SATA]
E:\-> [Removable] | [kenny kruge] | Total : 476.7 Go | Free : 132.08 Go -> exFAT [USB]
D:\-> [Fixed] | [Recovery Image] | Total : 13.06 Go | Free : 1.54 Go -> NTFS [SATA]
C:\-> [Fixed] | [OS] | Total : 916.54 Go | Free : 856.94 Go -> NTFS [SATA]
¤¤¤¤¤¤¤¤¤¤ # Windows updates
No detected update !!!
Microsoft : +
¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\WINDOWS\system32\config\systemprofile
C:\WINDOWS\ServiceProfiles\LocalService
C:\WINDOWS\ServiceProfiles\NetworkService
C:\Users\Jean-Marie
Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [17.05.2016 @ 14_36_09])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore
¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.10586.20 (© Microsoft Corporation.)
GC : 50.0.2661.102 (Copyright 2015 Google Inc.)
¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 21.0.0.242
¤¤¤¤¤¤¤¤¤¤ # Security
AV : Windows Defender Disabled
AS : Windows Defender Disabled
AM : Malwarebytes Anti-Malware (2.3.173.0) []
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running
¤¤¤¤¤¤¤¤¤¤ # Stopped processes
1304 | [Owner : |Parent : 756] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe
1464 | [Owner : |Parent : 1304] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe
1800 | [Owner : |Parent : 756] - (.SurfRight B.V. - HitmanPro Scheduler.) - (3.7.0.5) = C:\Program Files\HitmanPro\hmpsched.exe
1984 | [Owner : |Parent : 756] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.10586.122) = C:\Windows\System32\spoolsv.exe
2176 | [Owner : SERVICE LOCAL |Parent : 1032] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.10586.0) = C:\Windows\System32\dasHost.exe
2368 | [Owner : Système |Parent : 756] - (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2380 | [Owner : Système |Parent : 756] - (.Microsoft Corp. - Bing Desktop updating service.) - (1.4.167.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
2476 | [Owner : Système |Parent : 756] - (.IObit - Product Updater.) - (2.1.6.1447) = C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
2604 | [Owner : Système |Parent : 756] - (.Wondershare - Wondershare AppService.) - (2.1.6.0) = C:\Program Files (x86)\Wondershare\WAF\2.1.6.0\WsAppService.exe
2632 | [Owner : Système |Parent : 756] - (.Seiko Epson Corporation - Epson Scanner Service (64bit).) - (1.1.0.1) = C:\Windows\System32\escsvc64.exe
2688 | [Owner : Système |Parent : 756] - (.SEIKO EPSON CORPORATION - MyEpson Portal Service.) - (1.1.2.0) = C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
3632 | [Owner : Système |Parent : 2688] - (.Microsoft Corporation - Print driver host for applications.) - (10.0.10586.0) = C:\Windows\splwow64.exe
1052 | [Owner : Jean-Marie |Parent : 448] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10586.0) = C:\Windows\System32\sihost.exe
1112 | [Owner : Jean-Marie |Parent : 448] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.10586.0) = C:\Windows\System32\taskhostw.exe
3236 | [Owner : Jean-Marie |Parent : 2820] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10586.306) = C:\Windows\explorer.exe
3984 | [Owner : Jean-Marie |Parent : 852] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10586.0) = C:\Windows\System32\RuntimeBroker.exe
3016 | [Owner : Jean-Marie |Parent : 1800] - (.SurfRight B.V. - HitmanPro 3.7.) - (3.7.14.265) = C:\Program Files\HitmanPro\HitmanPro.exe
4124 | [Owner : Jean-Marie |Parent : 2688] - (.SEIKO EPSON CORPORATION - MyEpson Portal.) - (1.1.2.2) = C:\Program Files (x86)\EPSON\MyEpson Portal\mep.exe
4152 | [Owner : Système |Parent : 448] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (10.0.10586.0) = C:\Windows\System32\taskeng.exe
4256 | [Owner : Système |Parent : 4152] - (.Google Inc. - Programme d'installation de Google.) - (1.3.29.5) = C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
4392 | [Owner : LogonSessionId_0_315565 |Parent : 756] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.10586.0) = C:\Windows\System32\SearchIndexer.exe
4956 | [Owner : Jean-Marie |Parent : 4124] - (.Microsoft Corporation - Print driver host for applications.) - (10.0.10586.0) = C:\Windows\splwow64.exe
5008 | [Owner : Jean-Marie |Parent : 852] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.10586.306) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
3336 | [Owner : Jean-Marie |Parent : 3236] - (.Ashampoo Development GmbH & Co. KG - Ashampoo Anti-Virus.) - (1.0.0.0) = C:\Program Files (x86)\Ashampoo\Ashampoo Anti-Virus\AAV_Guard.exe
656 | [Owner : Jean-Marie |Parent : 3236] - (.ClevX, LLC - ClevX USB Monitor.) - (3.0.0.0) = C:\Users\Jean-Marie\AppData\Local\Temp\{438E237C-C9D2-4803-A1FE-EE77D929E548}\USBListener.exe
3604 | [Owner : Jean-Marie |Parent : 3236] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) - (8.0.0.0) = C:\Windows\System32\spool\drivers\x64\3\E_IATILPE.EXE
2436 | [Owner : Jean-Marie |Parent : 2768] - (.Nico Mak Computing - File Association Helper.) - (2.0.62.40300) = C:\Program Files\WinZip\FAHWindow64.exe
1472 | [Owner : Jean-Marie |Parent : 3236] - (.Nico Mak Computing - WinZip Update Notifier.) - (1.0.0.0) = C:\Program Files\WinZip\WZUpdateNotifier.exe
3596 | [Owner : Jean-Marie |Parent : 1912] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
4588 | [Owner : Jean-Marie |Parent : 4516] - (.Microsoft Corp. - Bing Desktop Application.) - (1.4.167.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
1028 | [Owner : Jean-Marie |Parent : 3236] - (.WinZip Computing, S.L. - WinZip Preloader.) - (20.0.11661.0) = C:\Program Files\WinZip\WzPreloader.exe
3708 | [Owner : Jean-Marie |Parent : 448] - (.CyberLink Corp. - MediaEspresso DeviceDetector.) - (7.5.7515.60361) = C:\Program Files (x86)\CyberLink\MediaEspresso7.5\DeviceDetector\DeviceDetector7.5.exe
716 | [Owner : Jean-Marie |Parent : 4516] - (.Wondershare - Wondershare Studio.) - (2.3.5.0) = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
3248 | [Owner : Jean-Marie |Parent : 4516] - (.iSkySoft - iSkySoft Studio.) - (2.3.5.0) = C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
776 | [Owner : Jean-Marie |Parent : 4516] - (.Zemana Ltd. - Zemana AntiLogger Free.) - (1.8.2.320) = C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
4360 | [Owner : Jean-Marie |Parent : 4312] - (.Piriform Ltd - CCleaner.) - (5.17.0.5590) = C:\Program Files\CCleaner\CCleaner64.exe
1844 | [Owner : Système |Parent : 756] - (.Disc Soft Ltd - Disc Soft Bus Service.) - (7.1.0.595) = C:\Program Files\DAEMON Tools Pro\DiscSoftBusService.exe
5232 | [Owner : Jean-Marie |Parent : 4516] - (.CyberLink Corp. - CyberLink YouCam Service.) - (6.0.2326.0) = C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
5348 | [Owner : Jean-Marie |Parent : 4516] - (. - DivX Update.) - (1.0.6.88) = C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
5364 | [Owner : Jean-Marie |Parent : 3596] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Host application.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5532 | [Owner : Jean-Marie |Parent : 4516] - (.CyberLink Corp. - CyberLink VideoMeetingPlus Service.) - (1.0.1402.0) = C:\Program Files (x86)\CyberLink\VideoMeetingPlus\VideoMeetingPlusService.exe
5620 | [Owner : Jean-Marie |Parent : 4516] - (.CyberLink Corp. - CyberLink YouCam Service.) - (7.0.1511.0) = C:\Program Files (x86)\CyberLink\YouCam7\YouCamService7.exe
5844 | [Owner : Jean-Marie |Parent : 4516] - (.SEIKO EPSON CORPORATION - EEventManager Application.) - (3.2.0.0) = C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
5936 | [Owner : Système |Parent : 756] - (.CyberLink - CyberLink RichVideo Module.) - (2.0.0.9525) = C:\Program Files\CyberLink\Shared files\RichVideo64.exe
5268 | [Owner : Jean-Marie |Parent : 756] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe
3892 | [Owner : LogonSessionId_0_596954 |Parent : 756] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.10586.162) = C:\Program Files\Windows Media Player\wmpnetwk.exe
2828 | [Owner : Jean-Marie |Parent : 3236] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) - (7.1.0.595) = C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
4624 | [Owner : Système |Parent : 4392] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.10586.0) = C:\Windows\System32\SearchProtocolHost.exe
4388 | [Owner : Système |Parent : 4392] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.10586.0) = C:\Windows\System32\SearchFilterHost.exe
¤¤¤¤¤¤¤¤¤¤ # Winlogon user
¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : userinit.exe -> C:\WINDOWS\SYSWOW64\userinit.exe,
¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !
¤¤¤¤¤¤¤¤¤¤ # IFEO
¤¤¤¤¤¤¤¤¤¤ # Mountpoints2
¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
¤¤¤¤¤¤¤¤¤¤ # Security center
¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
¤¤¤¤¤¤¤¤¤¤ # Internet Explorer
Deleted : [HKU\S-1-5-21-1122366093-1039002218-667696633-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]~[Proxyserver] : http=127.0.0.1:8888;https=127.0.0.1:8888
Repaired : [HKU\S-1-5-21-1122366093-1039002218-667696633-1001\Software\Microsoft\Windows\CurrentVersion\Internet settings]~[ProxyEnable] : 1 -> 0
¤¤¤¤¤¤¤¤¤¤ # reparsepoint
¤¤¤¤¤¤¤¤¤¤ # Offsets
¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Deleted : HKU\S-1-5-18\Software\Locky
Deleted : HKU\S-1-5-18\Software\Nico Mak Computing
Deleted : HKU\S-1-5-21-1122366093-1039002218-667696633-1001_Classes\Software\Locky
Deleted : HKU\S-1-5-21-1122366093-1039002218-667696633-1001\Software\Locky
Deleted : HKU\S-1-5-21-1122366093-1039002218-667696633-1001\Software\Nico Mak Computing
Deleted : HKU\S-1-5-20\Software\Locky
Deleted : HKU\S-1-5-19\Software\Locky
Deleted : HKLM\Software\Nico Mak Computing
Deleted : HKLM\Software\WOW6432Node\Nico Mak Computing
Deleted : [HKU\S-1-5-21-1122366093-1039002218-667696633-1001\Software\Microsoft\Windows\CurrentVersion\Run]~[DAEMON Tools Pro Agent] : "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
Deleted : [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]~[Wondershare Helper Compact.exe] : C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Moved to quarantine successfully : C:\Users\Jean-Marie\AppData\Local\Nico Mak Computing
Moved to quarantine successfully : I:\avremover_nt64_enu.exe
Moved to quarantine successfully : I:\CleProductKey.exe
Moved to quarantine successfully : I:\clipgrab-3.5.6.exe
Moved to quarantine successfully : I:\decrypt_nemucod.exe
Moved to quarantine successfully : I:\JRT.exe
Moved to quarantine successfully : I:\MCShield-Setup.exe
Moved to quarantine successfully : G:\CleProductKey.exe
Moved to quarantine successfully : G:\clipgrab-3.5.6.exe
Moved to quarantine successfully : G:\decrypt_nemucod.exe
Moved to quarantine successfully : G:\JRT.exe
Moved to quarantine successfully : G:\MCShield-Setup.exe
Moved to quarantine successfully : G:\avremover_nt64_enu.exe
Moved to quarantine successfully : G:\Télécharger votre commande_32136625.exe
Moved to quarantine successfully : E:\CleProductKey.exe
Moved to quarantine successfully : E:\clipgrab-3.5.6.exe
Moved to quarantine successfully : E:\decrypt_nemucod.exe
Moved to quarantine successfully : E:\JRT.exe
Moved to quarantine successfully : E:\MCShield-Setup.exe
Moved to quarantine successfully : E:\avremover_nt64_enu.exe
Moved to quarantine successfully : E:\Start Commandline Scanner.exe
Moved to quarantine successfully : E:\Start Emergency Kit Scanner.exe
Moved to quarantine successfully : E:\Start.exe
¤¤¤¤¤¤¤¤¤¤ # ADS
Prefetch -> cleaned
D:\ : Vaccinated (Vaccin created by Pre_Scan)
E:\ : Vaccinated (Vaccin created by Usbfix)
G:\ : Vaccinated (Vaccin created by Pre_Scan)
I:\ : Vaccinated (Vaccin created by Pre_Scan)
¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive D:] : Hidden : 2 | Restored : 2
~ [Drive E:] : Hidden : 3 | Restored : 3
~ [Drive G:] : Hidden : 1 | Restored : 1
~ [Drive C:] : Hidden : 2 | Restored : 2
~ [Program Files] : Hidden : 1 | Restored : 1
~ [Documents] : Hidden : 3 | Restored : 3
~ [Windows] : Hidden : 18 | Restored : 15
~ [AppData] : Hidden : 4 | Restored : 4
¤¤¤¤¤¤¤¤¤¤ # Drives
Disk: 0 Size=954G
Pos MBRndx Type/Name Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0 0 EE-UNKNWN 21.0T No No 1 294,967,295
¤¤¤¤¤¤¤¤¤¤
Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1
End : 16:49:08
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤