¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_02.11.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 12:24:15 11/11/2016

Updated 02/11/2016 | 19.05 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[Jean-Marie (Administrator)] - [LFSULTRA-WIDEN]
SID = S-1-5-21-1766228302-1366166313-1596766668-1001
Boot: Normal boot
System : Windows 10 Home (64 bits) Core

ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius

Memory
RAM = Total (MB) : 3748 | Free (MB) : 2328
Pagefile = Total (MB) : 4157 | Free (MB) : 2798
Virtual = Total (MB) : 4194 | Free (MB) : 3981

¤¤¤¤¤¤¤¤¤¤ # Components of starting up
C:\WINDOWS\Setup\Scripts\setupcomplete.cmd

¤¤¤¤¤¤¤¤¤¤¤ # Drives
X:\-> [Fixed] | [bug a boo] | Total : 464.76 Go | Free : 464.61 Go -> NTFS [USB]
P:\-> [Removable] | [ExtremePRO] | Total : 476.65 Go | Free : 370.29 Go -> FAT32 [USB]
L:\-> [Fixed] | [otis elevator] | Total : 931.48 Go | Free : 931.27 Go -> NTFS [USB]
J:\-> [Fixed] | [WD My Passport 3To] | Total : 2794.49 Go | Free : 246.49 Go -> NTFS [USB]
I:\-> [CDROM] | [léa torres des p] | Total : 0 Go | Free : 0 Go -> CDFS [USB]
D:\-> [Fixed] | [Recovery Image] | Total : 13.06 Go | Free : 1.6 Go -> NTFS [SATA]
C:\-> [Fixed] | [OS] | Total : 916.54 Go | Free : 868.57 Go -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates
Microsoft : +

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\WINDOWS\system32\config\systemprofile
C:\WINDOWS\ServiceProfiles\LocalService
C:\WINDOWS\ServiceProfiles\NetworkService
C:\Users\Jean-Marie
C:\Users\MSSQL$ADK

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [11.11.2016 @ 12_21_16])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.14393.0 (© Microsoft Corporation.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 23.0.0.207

¤¤¤¤¤¤¤¤¤¤ # Security
AV : Ad-Aware Antivirus Disabled
AS : Windows Defender Enabled
AM : Malwarebytes Anti-Malware (2.3.173.0) []
FW : Ad-Aware Firewall Disabled
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
3104 | [Owner : Jean-Marie |Parent : 528] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe
6456 | [Owner : Jean-Marie |Parent : 3244] - (. - UsbFix.) - (9.0.0.1) = C:\Users\Jean-Marie\AppData\Roaming\UsbFix\UsbFix.exe
2228 | [Owner : Jean-Marie |Parent : 680] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe
3416 | [Owner : |Parent : 680] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.14393.0) = C:\Windows\System32\spoolsv.exe
5772 | [Owner : LogonSessionId_0_20048120 |Parent : 680] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.14393.0) = C:\Windows\System32\SearchIndexer.exe
6760 | [Owner : LogonSessionId_0_20067212 |Parent : 680] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.14393.0) = C:\Program Files\Windows Media Player\wmpnetwk.exe
4972 | [Owner : Jean-Marie |Parent : 528] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.0) = C:\Windows\explorer.exe
624 | [Owner : Jean-Marie |Parent : 528] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe
2500 | [Owner : Jean-Marie |Parent : 4972] - (.Moonchild Productions - Pale Moon web browser.) - (26.5.0.6111) = C:\Program Files\Pale Moon\palemoon.exe
6916 | [Owner : Jean-Marie |Parent : 824] - (.Microsoft Corporation - Application Frame Host.) - (10.0.14393.0) = C:\Windows\System32\ApplicationFrameHost.exe
6784 | [Owner : Jean-Marie |Parent : 824] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.0) = C:\Windows\explorer.exe
4108 | [Owner : Jean-Marie |Parent : 824] - (.Microsoft Corporation - Paramètres.) - (10.0.14393.0) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe
2440 | [Owner : Jean-Marie |Parent : 824] - (.Microsoft Corporation - SmartScreen.) - (10.0.14393.0) = C:\Windows\System32\smartscreen.exe
6712 | [Owner : Jean-Marie |Parent : 6784] - (.Microsoft Corporation - Bloc-notes.) - (10.0.14393.0) = C:\Windows\System32\notepad.exe
1256 | [Owner : Jean-Marie |Parent : 6616] - (.Microsoft Corporation - Microsoft Management Console.) - (10.0.14393.0) = C:\Windows\System32\mmc.exe
4360 | [Owner : LogonSessionId_0_26045239 |Parent : 680] - (.Microsoft Corporation - Service de disque virtuel.) - (10.0.14393.0) = C:\Windows\System32\vds.exe
4028 | [Owner : Jean-Marie |Parent : 6784] - (.Microsoft Corporation - Windows Activation.) - (10.0.14393.0) = C:\Windows\System32\changepk.exe
2484 | [Owner : Jean-Marie |Parent : 4972] - (. - .) - (11.12.945.9202) = C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDesktop.exe
2892 | [Owner : Jean-Marie |Parent : 2484] - (. - .) - (11.12.945.9202) = C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
2320 | [Owner : Système |Parent : 716] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.14393.0) = C:\Windows\System32\fontdrvhost.exe
6960 | [Owner : |Parent : 680] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.10.14393.0) = C:\Program Files\Windows Defender\MsMpEng.exe
3184 | [Owner : |Parent : 680] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.10.14393.0) = C:\Program Files\Windows Defender\NisSrv.exe
204 | [Owner : Jean-Marie |Parent : 4972] - (.CyberLink Corp. - CyberLink Power2Go 11.) - (11.0.1013.0) = C:\Program Files (x86)\CyberLink\Power2Go11\Power2Go.exe
3396 | [Owner : Jean-Marie |Parent : 4972] - (.CyberLink Corp. - CyberLink PowerStarter Main Program.) - (10.0.1.1916) = C:\Program Files (x86)\CyberLink\Media Suite\PS.exe
5476 | [Owner : SERVICE RÉSEAU |Parent : 5360] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.10.14393.0) = C:\Program Files\Windows Defender\MpCmdRun.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : C:\WINDOWS\system32\userinit.exe, -> C:\WINDOWS\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center
Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\WINDOWS\System32\ActionCenter.dll

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Deleted : HKU\S-1-5-18\Software\Nico Mak Computing
Deleted : HKU\S-1-5-21-1766228302-1366166313-1596766668-1001\Software\Nico Mak Computing
Deleted : HKLM\Software\Nico Mak Computing
Deleted : HKLM\Software\WOW6432Node\Nico Mak Computing
Moved to quarantine successfully : J:\ccav_installer.exe
Moved to quarantine successfully : J:\devoir.exe
Moved to quarantine successfully : J:\epm.exe
Moved to quarantine successfully : J:\KCinst.exe
Moved to quarantine successfully : J:\processclose_1.0.0.3 (1).exe
Moved to quarantine successfully : J:\processclose_1.0.0.3(1).exe
Moved to quarantine successfully : J:\processclose_1.0.0.3(2).exe
Moved to quarantine successfully : J:\processclose_1.0.0.3.exe
Moved to quarantine successfully : C:\Users\Jean-Marie\AppData\Roaming\WebApp

¤¤¤¤¤¤¤¤¤¤ # ADS
Prefetch -> cleaned
D:\ : Vaccinated (Vaccin created by Pre_Scan)
J:\ : Vaccinated (Vaccin created by Pre_Scan)
L:\ : Vaccinated (Vaccin created by Pre_Scan)
P:\ : Vaccinated (Vaccin created by Pre_Scan)
X:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive D:] : Hidden : 15 | Restored : 15
~ [Drive J:] : Hidden : 8 | Restored : 8
~ [Drive C:] : Hidden : 6 | Restored : 6
~ [Program Files] : Hidden : 3 | Restored : 3
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 5 | Restored : 5
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 41 | Restored : 38
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 179 | Restored : 179

¤¤¤¤¤¤¤¤¤¤ # Drives
Disk: 0   Size=954G
Pos MBRndx Type/Name  Size  Active Hide Start Sector Sectors
--- ------ ---------- ----  ------ ---- ------------ ------------
 0    0    EE-UNKNWN  21.0T No     No   1            294,967,295

End : 19:54:32
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 217