¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_09.06.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 07:46:24

Updated 09/06/2016 | 11.30 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[jean- (Administrator)] - [DESKTOP-9LM40BG]
SID = S-1-5-21-2956268689-1280340557-608612402-1001
Boot: Normal boot
System : Windows 10 Home (64 bits) Core
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius

Memory RAM = Total (MB) : 3748 | Free (MB) : 2440
Pagefile = Total (MB) : 5189 | Free (MB) : 3876
Virtual = Total (MB) : 4194 | Free (MB) : 3980

¤¤¤¤¤¤¤¤¤¤ # Components of starting up ¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤ # Drives

M:\-> [Removable] | [] | Total : 30.02 GB | Free : 1.96 GB -> FAT32 [USB]
L:\-> [Fixed] | [power2go 11] | Total : 120.33 GB | Free : 0.27 GB -> NTFS [USB]
K:\-> [Fixed] | [lfsultra rebit6pro dtpro7 p2go11] | Total : 326.39 GB | Free : 13.51 GB -> NTFS [USB]
J:\-> [Removable] | [CARTE MICRO] | Total : 7.2 GB | Free : 7.2 GB -> FAT32 [USB]
H:\-> [Fixed] | [my disk] | Total : 931.48 GB | Free : 3.25 GB -> NTFS [USB]
F:\-> [Removable] | [carbide sli] | Total : 476.7 GB | Free : 46.25 GB -> exFAT [USB]
E:\-> [CDROM] | [disks managers] | Total : 1.82 GB | Free : 0 GB -> UDF [USB]
D:\-> [Fixed] | [Recovery Image] | Total : 13.06 GB | Free : 1.6 GB -> NTFS [SATA]
C:\-> [Fixed] | [OS] | Total : 916.98 GB | Free : 860.99 GB -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates

No detected update !!!
Microsoft : +

¤¤¤¤¤¤¤¤¤¤ # Sessions

C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\jean-

Registry saved, to restore : Shortcut on the desktop 'Pre_Scan_Restore'
Restore the registry (C:\Pre_Scan\Save\Registry [11.06.2016 @ 07_39_07])
To restore a File or Folder : Shortcut on the desktop 'Pre_Scan_Restore', select 'restore File - Folder', select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers

IE : 11.0.10586.0 (© Microsoft Corporation.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

ActiveX : 19.0.0.226

¤¤¤¤¤¤¤¤¤¤ # Security

AV : Ad-Aware Antivirus Disabled
AS : Windows Defender Enabled
FW : Ad-Aware Firewall Disabled
WMI : OK

WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes

1304 | [Owner : |Parent : 696] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe
1384 | [Owner : |Parent : 1304] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe
1700 | [Owner : |Parent : 696] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.48) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
1740 | [Owner : |Parent : 1700] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.159) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1820 | [Owner : |Parent : 696] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.10586.0) = C:\Windows\System32\spoolsv.exe
1900 | [Owner : LOCAL SERVICE |Parent : 588] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.10586.0) = C:\Windows\System32\dasHost.exe
2188 | [Owner : System |Parent : 696] - (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2196 | [Owner : System |Parent : 696] - (.Microsoft Corp. - Bing Desktop updating service.) - (1.4.167.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
2280 | [Owner : System |Parent : 696] - (. - Service.) - (2.0.0.0) = C:\Users\jean-\AppData\Roaming\SafetyBrowsing\mainservice_sb.exe
2488 | [Owner : System |Parent : 696] - (.TechSmith Corporation - TechSmith Uploader Service.) - (5.0.6.303) = C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
4044 | [Owner : jean- |Parent : 356] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10586.0) = C:\Windows\System32\sihost.exe
4084 | [Owner : jean- |Parent : 356] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.10586.0) = C:\Windows\System32\taskhostw.exe
1780 | [Owner : jean- |Parent : 808] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10586.0) = C:\Windows\System32\RuntimeBroker.exe
1716 | [Owner : jean- |Parent : 708] - (.Microsoft Corporation - Windows Explorer.) - (10.0.10586.0) = C:\Windows\explorer.exe
4168 | [Owner : jean- |Parent : 808] - (. - .) - (10.1.2123.36) = C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
4196 | [Owner : jean- |Parent : 808] - (.Microsoft Corporation - Reminders WinRT OOP Server.) - (10.0.10586.0) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
4468 | [Owner : jean- |Parent : 2280] - (.Balmain Management Ltd - Safety Browsing.) - (2.1.0.4) = C:\Users\jean-\AppData\Roaming\SafetyBrowsing\sb_core.exe
4568 | [Owner : LogonSessionId_0_252848 |Parent : 696] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.10586.0) = C:\Windows\System32\SearchIndexer.exe
4760 | [Owner : jean- |Parent : 808] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.10586.0) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
5552 | [Owner : jean- |Parent : 808] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.10586.0) = C:\Windows\System32\SettingSyncHost.exe
5736 | [Owner : jean- |Parent : 1716] - (. - .) - (11.11.898.9090) = C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.11.898.9090\AdAwareTray.exe
5744 | [Owner : jean- |Parent : 1716] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6390.509) = C:\Users\jean-\AppData\Local\Microsoft\OneDrive\OneDrive.exe
5836 | [Owner : jean- |Parent : 1716] - (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) - (10.0.2522.0) = C:\Program Files (x86)\CyberLink\Power2Go10\Power2GoExpress10.exe
6044 | [Owner : jean- |Parent : 1716] - (.BitTorrent Inc. - BitTorrent.) - (7.9.7.42331) = C:\Users\jean-\AppData\Roaming\BitTorrent\BitTorrent.exe
6140 | [Owner : System |Parent : 684] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.10586.0) = C:\Windows\System32\fontdrvhost.exe
4284 | [Owner : jean- |Parent : 1716] - (.TechSmith Corporation - Snagit.) - (13.0.0.6248) = C:\Program Files (x86)\TechSmith\Snagit 13\Snagit32.exe
3184 | [Owner : jean- |Parent : 2232] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
6160 | [Owner : jean- |Parent : 6004] - (.Wondershare - Wondershare Studio.) - (2.3.0.1) = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
6200 | [Owner : jean- |Parent : 6004] - (.CyberLink - CyberLink MediaLibray Service.) - (10.0.0.1725) = C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe
6244 | [Owner : jean- |Parent : 6004] - (.CyberLink Corp. - CyberLink VideoMeeting+/PresenterLink+ Service.) - (1.0.1726.0) = C:\Program Files (x86)\CyberLink\Shared files\VMXPLXShare\Service\VMXPLXService.exe
6316 | [Owner : jean- |Parent : 6004] - (.Microsoft Corp. - Bing Desktop Application.) - (1.4.167.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
6656 | [Owner : jean- |Parent : 3184] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Host application.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
2792 | [Owner : jean- |Parent : 4284] - (.TechSmith Corporation - Snagit Editor.) - (13.0.0.6248) = C:\Program Files (x86)\TechSmith\Snagit 13\SnagitEditor.exe
6700 | [Owner : jean- |Parent : 696] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe
2972 | [Owner : jean- |Parent : 808] - (.Microsoft Corporation - Application Frame Host.) - (10.0.10586.0) = C:\Windows\System32\ApplicationFrameHost.exe
6904 | [Owner : jean- |Parent : 808] - (.Microsoft Corporation - Microsoft Edge.) - (11.0.10586.0) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
3256 | [Owner : jean- |Parent : 808] - (.Microsoft Corporation - Browser_Broker.) - (11.0.10586.0) = C:\Windows\System32\browser_broker.exe
4696 | [Owner : jean- |Parent : 1780] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.10586.0) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
1792 | [Owner : jean- |Parent : 5252] - (.DVDVideoSoft_DLM - DVDVideoSoft.) - (0.0.0.0) = C:\Users\jean-\Downloads\FreeYouTubeToMP3Converter_4.1.20.607.exe
4964 | [Owner : jean- |Parent : 456] - (.Microsoft Corporation - Windows FONDUE (Features on Demand User Experience) Tool.) - (10.0.10586.0) = C:\Windows\SysWOW64\Fondue.exe
2380 | [Owner : jean- |Parent : 6848] - (.Microsoft Corporation - Windows FONDUE (Features on Demand User Experience) Tool.) - (10.0.10586.0) = C:\Windows\SysWOW64\Fondue.exe
2724 | [Owner : jean- |Parent : 5592] - (.Microsoft Corporation - Windows FONDUE (Features on Demand User Experience) Tool.) - (10.0.10586.0) = C:\Windows\SysWOW64\Fondue.exe
2512 | [Owner : jean- |Parent : 4964] - (.Microsoft Corporation - Windows FONDUE (Features on Demand User Experience) Tool.) - (10.0.10586.0) = C:\Windows\System32\Fondue.exe
776 | [Owner : jean- |Parent : 2380] - (.Microsoft Corporation - Windows FONDUE (Features on Demand User Experience) Tool.) - (10.0.10586.0) = C:\Windows\System32\Fondue.exe
4996 | [Owner : jean- |Parent : 2724] - (.Microsoft Corporation - Windows FONDUE (Features on Demand User Experience) Tool.) - (10.0.10586.0) = C:\Windows\System32\Fondue.exe
3976 | [Owner : LogonSessionId_0_2883004 |Parent : 696] - (.Microsoft Corporation - Windows Modules Installer.) - (10.0.10586.0) = C:\Windows\servicing\TrustedInstaller.exe
5212 | [Owner : System |Parent : 808] - (.Microsoft Corporation - Windows Modules Installer Worker.) - (10.0.10586.0) = C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10586.0_none_95e4f9a171a1ad95\TiWorker.exe
4404 | [Owner : jean- |Parent : 2512] - (.Microsoft Corporation - Windows Features.) - (10.0.10586.0) = C:\Windows\System32\OptionalFeatures.exe
6252 | [Owner : jean- |Parent : 776] - (.Microsoft Corporation - Windows Features.) - (10.0.10586.0) = C:\Windows\System32\OptionalFeatures.exe
7132 | [Owner : jean- |Parent : 4996] - (.Microsoft Corporation - Windows Features.) - (10.0.10586.0) = C:\Windows\System32\OptionalFeatures.exe
2960 | [Owner : jean- |Parent : 1780] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.10586.0) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
604 | [Owner : System |Parent : 356] - (.Microsoft Corporation - Task Scheduler Engine.) - (10.0.10586.0) = C:\Windows\System32\taskeng.exe
6800 | [Owner : LogonSessionId_0_4127688 |Parent : 696] - (.Microsoft Corporation - Microsoft® Volume Shadow Copy Service.) - (10.0.10586.0) = C:\Windows\System32\VSSVC.exe
4452 | [Owner : jean- |Parent : 808] - (.Microsoft Corporation - Windows Explorer.) - (10.0.10586.0) = C:\Windows\explorer.exe
3928 | [Owner : jean- |Parent : 808] - (.Microsoft Corporation - Background Task Host.) - (10.0.10586.0) = C:\Windows\System32\backgroundTaskHost.exe
7144 | [Owner : |Parent : 696] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.9.10586.0) = C:\Program Files\Windows Defender\MsMpEng.exe
7352 | [Owner : |Parent : 696] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.9.10586.0) = C:\Program Files\Windows Defender\NisSrv.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : -> C:\Windows\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot

Safeboot Keys are O.K
Alternate shell is OK !
¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

Content of M:\AUTORUN.INF :

¤¤¤¤¤¤¤¤¤¤ # Windows

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]~[EnableFirewall] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ # Services

Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 0 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry

Deleted : HKU\S-1-5-21-2956268689-1280340557-608612402-1001\Software\undefined
Deleted : [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]~[Wondershare Helper Compact.exe] : C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Deleted : [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]~[Wondershare Helper Compact.exe] : C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
Moved to quarantine successfully : K:\isotousb_setup.exe
Moved to quarantine successfully : H:\wlsetup-web.exe
Moved to quarantine successfully : F:\WHKSetup.exe
Moved to quarantine successfully : F:\PresenterLinkPlus_160527_Beta_PLX160107-01.exe

¤¤¤¤¤¤¤¤¤¤ # ADS

Prefetch -> cleaned

D:\ : Vaccinated (Vaccine created by Usbfix)
F:\ : Vaccinated (Vaccine created by Usbfix)
H:\ : Vaccinated (Vaccine created by Usbfix)
J:\ : Vaccinated (Vaccine created by Usbfix)
K:\ : Impossible to vaccinate
L:\ : Vaccinated (Vaccine created by Usbfix)

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive D:] : Hidden : 3 | Restored : 3
~ [Drive F:] : Hidden : 1 | Restored : 1
~ [Drive C:] : Hidden : 2 | Restored : 2
~ [Program Files] : Hidden : 2 | Restored : 2
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 3 | Restored : 3
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 46 | Restored : 44
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 141 | Restored : 141

¤¤¤¤¤¤¤¤¤¤ # Drives

Disk: 0 Size=954G

Pos  MBRndx  Type/Name   Size   Active  Hide  Start Sector  Sectors
---  ------  ----------  -----  ------  ----  ------------  ------------
0    0       EE-UNKNWN   21.0T  No      No    1             294,967,295
¤¤¤¤¤¤¤¤¤¤

Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : -> 1

End : 12:28:19

¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤ - 253
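A reviewer reading this log looks first at the "Stopped processes" and "Security center" sections: a service with no vendor string running as SYSTEM out of C:\Users\jean-\AppData\Roaming\SafetyBrowsing and spawning sb_core.exe, an installer run straight from Downloads, and all three firewall profiles with EnableFirewall at 0 before Pre_Scan set them back to 1. The Python below is an added example, not part of the log or of the Pre_Scan tool: it parses the process and "Repaired" line formats used above and applies those triage rules. SAMPLE_LOG is a constructed excerpt of the lines above (the owner "System" translates the log's French "Système"); the path and vendor heuristics are this example's own assumptions, and OneDrive, which legitimately lives under AppData\Local, is flagged by them too, which is why the output reports reasons rather than verdicts.

```python
"""Triage of a Pre_Scan log: parse the "Stopped processes" entries and the
"Repaired : [key]~[value] : old -> new" lines, then flag processes that run
from user-writable paths or carry no vendor string.

Added example for this page, not code from the Pre_Scan tool. SAMPLE_LOG is
a constructed excerpt of the log above (owner "System" translates the log's
French "Système"); the flagging rules are this example's own assumptions.
"""
import re
from dataclasses import dataclass

# <pid> | [Owner : <owner> |Parent : <ppid>] - (.<vendor> - <desc>.) - (<ver>) = <path>
PROCESS_RE = re.compile(
    r"^(?P<pid>\d+) \| \[Owner : (?P<owner>[^|]*)\|Parent : (?P<ppid>\d+)\] "
    r"- \(\.(?P<vendor>.*?) - (?P<desc>.*?)\.\) - \((?P<version>[^)]*)\) = (?P<path>.+)$"
)
# Repaired : [<key>]~[<value>] : <old> -> <new>   (old may be empty: " : -> 1")
REPAIR_RE = re.compile(
    r"^Repaired : \[(?P<key>[^\]]+)\]~\[(?P<value>[^\]]+)\] : ?(?P<old>.*?) ?-> (?P<new>.*)$"
)

SAMPLE_LOG = r"""
1820 | [Owner : |Parent : 696] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.10586.0) = C:\Windows\System32\spoolsv.exe
2280 | [Owner : System |Parent : 696] - (. - Service.) - (2.0.0.0) = C:\Users\jean-\AppData\Roaming\SafetyBrowsing\mainservice_sb.exe
4468 | [Owner : jean- |Parent : 2280] - (.Balmain Management Ltd - Safety Browsing.) - (2.1.0.4) = C:\Users\jean-\AppData\Roaming\SafetyBrowsing\sb_core.exe
5744 | [Owner : jean- |Parent : 1716] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6390.509) = C:\Users\jean-\AppData\Local\Microsoft\OneDrive\OneDrive.exe
6044 | [Owner : jean- |Parent : 1716] - (.BitTorrent Inc. - BitTorrent.) - (7.9.7.42331) = C:\Users\jean-\AppData\Roaming\BitTorrent\BitTorrent.exe
1792 | [Owner : jean- |Parent : 5252] - (.DVDVideoSoft_DLM - DVDVideoSoft.) - (0.0.0.0) = C:\Users\jean-\Downloads\FreeYouTubeToMP3Converter_4.1.20.607.exe
5736 | [Owner : jean- |Parent : 1716] - (. - .) - (11.11.898.9090) = C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.11.898.9090\AdAwareTray.exe
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : -> C:\Windows\SYSWOW64\userinit.exe,
"""

@dataclass
class Process:
    pid: int
    ppid: int
    owner: str
    vendor: str
    desc: str
    version: str
    path: str

@dataclass
class Repair:
    key: str
    value: str
    old: str
    new: str

def parse_process(line):
    m = PROCESS_RE.match(line.strip())
    if not m:
        return None
    return Process(int(m["pid"]), int(m["ppid"]), m["owner"].strip(),
                   m["vendor"].strip(), m["desc"].strip(), m["version"], m["path"].strip())

def parse_repair(line):
    m = REPAIR_RE.match(line.strip())
    return Repair(m["key"], m["value"], m["old"].strip(), m["new"].strip()) if m else None

def parse_log(text):
    """Split a Pre_Scan log into process records and registry repairs."""
    procs, repairs = [], []
    for line in text.splitlines():
        p = parse_process(line)
        if p:
            procs.append(p)
            continue
        r = parse_repair(line)
        if r:
            repairs.append(r)
    return procs, repairs

# Heuristics (assumptions of this example): a binary under a profile or temp
# directory can be dropped by any user-level installer, and a binary with no
# vendor string has no version resource to check against its claimed product.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")
SYSTEM_OWNERS = {"system", "système", "nt authority\\system"}

def triage(procs):
    """Return (process, reasons) for every process that trips a rule."""
    findings = []
    for p in procs:
        reasons = []
        if any(tok in p.path.lower() for tok in USER_WRITABLE):
            reasons.append("runs from a user-writable location")
            if p.owner.lower() in SYSTEM_OWNERS:
                reasons.append("runs as SYSTEM from a user-writable location")
        if not p.vendor:
            reasons.append("no vendor string in the version resource")
        if reasons:
            findings.append((p, reasons))
    return findings

def children_of(procs, pid):
    """Processes spawned by pid: follow a flagged service to what it launched."""
    return [p for p in procs if p.ppid == pid]

def disabled_firewall_profiles(repairs):
    """Profiles whose EnableFirewall was 0 before Pre_Scan set it back to 1."""
    return [r.key.rsplit("\\", 1)[-1] for r in repairs
            if r.value == "EnableFirewall" and r.old == "0"]

if __name__ == "__main__":
    procs, repairs = parse_log(SAMPLE_LOG)
    for p, reasons in triage(procs):
        print(f"{p.pid:>5} {p.path}")
        for why in reasons:
            print(f"        - {why}")
        for c in children_of(procs, p.pid):
            print(f"        spawned {c.pid} {c.path}")
    print("firewall was disabled on:", ", ".join(disabled_firewall_profiles(repairs)))
```

Run it on a full log by replacing SAMPLE_LOG with the file contents; lines that match neither pattern (section headers, drive list, hidden-file counts) are skipped, so the parser can be pointed at the whole report as posted.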