¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_02.11.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 19:22:01 11/20/2016

Updated 02/11/2016 | 19.05 by g3n-h@ckm@n

Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[jean- (Administrator)] - [DESKTOP-U1QJSI8]
SID = S-1-5-21-966990275-2573670917-501581339-1001

Boot: Normal boot
System : Windows 10 Home (64 bits) Core

ProcessorNameString : Intel(R) Atom(TM) CPU N450 @ 1.66GHz
Identifier : Intel64 Family 6 Model 28 Stepping 10
CoreTemp : 55 Celsius - Max : 100 Celsius

Memory RAM = Total (MB) : 1037 | Free (MB) : 373
Pagefile = Total (MB) : 1037 | Free (MB) : 406
Virtual = Total (MB) : 4194 | Free (MB) : 3988

¤¤¤¤¤¤¤¤¤¤ # Components of starting up ¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤¤¤¤¤¤ # Drives

O:\-> [Removable] | [PARTED MAGI] | Total : 3.74 Go | Free : 0.43 Go -> FAT32 [USB]
N:\-> [Removable] | [CLONEZILLA] | Total : 1.86 Go | Free : 0.2 Go -> FAT32 [USB]
L:\-> [Removable] | [séjour pari] | Total : 117.02 Go | Free : 13.86 Go -> exFAT [USB]
I:\-> [Removable] | [UUI] | Total : 7.26 Go | Free : 0.26 Go -> FAT32 [USB]
H:\-> [Removable] | [PARTED MAGI] | Total : 15 Go | Free : 1.15 Go -> FAT32 [USB]
G:\-> [Fixed] | [PARTED MAGI] | Total : 57.89 Go | Free : 38.86 Go -> FAT32 [USB]
F:\-> [Removable] | [COMPANION] | Total : 30.02 Go | Free : 1.71 Go -> FAT32 [USB]
E:\-> [Removable] | [FRAMAKEY UB] | Total : 57.64 Go | Free : 50.16 Go -> FAT32 [USB]
D:\-> [Removable] | [FRAMAKEY MI] | Total : 14.41 Go | Free : 4.09 Go -> FAT32 [USB]
C:\-> [Fixed] | [WinToUSB] | Total : 115.59 Go | Free : 92.13 Go -> NTFS [USB]

¤¤¤¤¤¤¤¤¤¤ # Windows updates

Microsoft : +

¤¤¤¤¤¤¤¤¤¤ # Sessions

C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\jean-

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore'
Restore the register (C:\Pre_Scan\Save\Registry [20.11.2016 @ 19_20_04])

To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers

IE : 11.0.10240.16384 (© Microsoft Corporation.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

ActiveX : 18.0.0.203

¤¤¤¤¤¤¤¤¤¤ # Security

AV : Ad-Aware Antivirus Disabled
AS : Windows Defender Enabled
FW : Ad-Aware Firewall Disabled
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes

3104 | [Owner : jean- |Parent : 900] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10240.16384) = C:\Windows\System32\sihost.exe
5360 | [Owner : SERVICE LOCAL |Parent : 252] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.10240.16384) = C:\Windows\System32\WUDFHost.exe
2172 | [Owner : Système |Parent : 628] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.10240.16384) = C:\Windows\System32\spoolsv.exe
4516 | [Owner : Système |Parent : 628] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.10240.16384) = C:\Windows\System32\SearchIndexer.exe
372 | [Owner : jean- |Parent : 628] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10240.16384) = C:\Windows\System32\svchost.exe
3012 | [Owner : SERVICE LOCAL |Parent : 252] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.10240.16384) = C:\Windows\System32\dasHost.exe
3028 | [Owner : SERVICE LOCAL |Parent : 252] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.10240.16384) = C:\Windows\System32\dasHost.exe
1032 | [Owner : jean- |Parent : 3952] - (.Microsoft Corporation - Gestionnaire des tâches.) - (10.0.10240.16384) = C:\Windows\System32\Taskmgr.exe
6024 | [Owner : jean- |Parent : 900] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.10240.16384) = C:\Windows\System32\taskhostw.exe
4136 | [Owner : jean- |Parent : 732] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.10240.16384) = C:\Windows\System32\rundll32.exe
5628 | [Owner : jean- |Parent : 1032] - (.Microsoft Corporation - Microsoft Management Console.) - (10.0.10240.16384) = C:\Windows\System32\mmc.exe
1076 | [Owner : jean- |Parent : 732] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10240.16384) = C:\Windows\System32\RuntimeBroker.exe
2768 | [Owner : jean- |Parent : 6024] - (. - .) - (11.12.945.9202) = C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareDesktop.exe
5020 | [Owner : jean- |Parent : 608] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.10240.16384) = C:\Windows\System32\fontdrvhost.exe
3252 | [Owner : Système |Parent : 628] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.8.10240.16384) = C:\Program Files\Windows Defender\MsMpEng.exe
5768 | [Owner : Système |Parent : 628] - (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (10.0.10240.16384) = C:\Windows\servicing\TrustedInstaller.exe
4556 | [Owner : Système |Parent : 732] - (.Microsoft Corporation - Windows Modules Installer Worker.) - (10.0.10240.16384) = C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16384_none_115fd2f761f7c508\TiWorker.exe
1744 | [Owner : SERVICE LOCAL |Parent : 628] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.8.10240.16384) = C:\Program Files\Windows Defender\NisSrv.exe
340 | [Owner : |Parent : 572] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe
388 | [Owner : |Parent : 340] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe
1348 | [Owner : |Parent : 572] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.48) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
1436 | [Owner : |Parent : 572] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.10240.16384) = C:\Windows\System32\spoolsv.exe
1680 | [Owner : Système |Parent : 572] - (.Microsoft Corp. - Bing Desktop updating service.) - (1.3.470.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
1728 | [Owner : SERVICE LOCAL |Parent : 8] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.10240.16384) = C:\Windows\System32\dasHost.exe
1264 | [Owner : |Parent : 572] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.8.10240.16384) = C:\Program Files\Windows Defender\MsMpEng.exe
2520 | [Owner : SERVICE LOCAL |Parent : 8] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.10240.16384) = C:\Windows\System32\WUDFHost.exe
2884 | [Owner : |Parent : 572] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.8.10240.16384) = C:\Program Files\Windows Defender\NisSrv.exe
892 | [Owner : Système |Parent : 1348] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.159) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
3076 | [Owner : Système |Parent : 1348] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.159) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
3112 | [Owner : jean- |Parent : 908] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.10240.16384) = C:\Windows\System32\taskhostw.exe
3136 | [Owner : jean- |Parent : 908] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10240.16384) = C:\Windows\System32\sihost.exe
3328 | [Owner : jean- |Parent : 3304] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10240.16601) = C:\Windows\explorer.exe
3384 | [Owner : jean- |Parent : 908] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.10240.16384) = C:\Windows\System32\taskhostw.exe
3620 | [Owner : LogonSessionId_0_357589 |Parent : 572] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.10240.16384) = C:\Windows\System32\SearchIndexer.exe
4056 | [Owner : Système |Parent : 3620] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.10240.16384) = C:\Windows\System32\SearchProtocolHost.exe
240 | [Owner : jean- |Parent : 3328] - (. - .) - (11.12.945.9202) = C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
3092 | [Owner : jean- |Parent : 3328] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6517.809) = C:\Users\jean-\AppData\Local\Microsoft\OneDrive\OneDrive.exe
1048 | [Owner : Système |Parent : 532] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.10240.16384) = C:\Windows\System32\fontdrvhost.exe
2952 | [Owner : jean- |Parent : 328] - (.CyberLink - CyberLink MediaLibray Service.) - (11.0.0.418) = C:\Program Files (x86)\CyberLink\Power2Go11\CLMLSvc_P2G11.exe
1468 | [Owner : jean- |Parent : 1056] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2512 | [Owner : jean- |Parent : 328] - (.Microsoft Corp. - Bing Desktop Application.) - (1.3.470.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
2576 | [Owner : jean- |Parent : 572] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10240.16384) = C:\Windows\System32\svchost.exe
3448 | [Owner : jean- |Parent : 1468] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Host application.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
680 | [Owner : jean- |Parent : 660] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.10240.16384) = C:\Windows\System32\SettingSyncHost.exe
3028 | [Owner : jean- |Parent : 660] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.10240.16384) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
4772 | [Owner : jean- |Parent : 660] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10240.16384) = C:\Windows\System32\RuntimeBroker.exe
4156 | [Owner : Système |Parent : 3620] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.10240.16384) = C:\Windows\System32\SearchFilterHost.exe
5032 | [Owner : SERVICE RÉSEAU |Parent : 5036] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.8.10240.16384) = C:\Program Files\Windows Defender\MpCmdRun.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : -> C:\Windows\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot

Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

Content of I:\autorun.inf :
Content of G:\AUTORUN.INF :
Content of F:\autorun.inf :
Content of E:\autorun (1).inf :
[autorun]
open=Framakey.exe
icon=Framakey.exe
label=Framakey 2
shell=Framakey
shell\FramaKey=FramaKey 2
shell\FramaKey\command=Framakey.exe
Content of E:\AUTORUN.INF :
Content of D:\AUTORUN.INF :

¤¤¤¤¤¤¤¤¤¤ # Windows

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\Windows\System32\ActionCenter.dll
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]~[EnableFirewall] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ # Services

Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 0 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry

¤¤¤¤¤¤¤¤¤¤ # ADS

Prefetch -> cleaned

H:\ : Vaccinated (Vaccin created by Pre_Scan)
L:\ : Vaccinated (Vaccin created by Pre_Scan)
L:\ : Vaccinated (Vaccin created by Pre_Scan)
N:\ : Vaccinated (Vaccin created by Pre_Scan)
N:\ : Vaccinated (Vaccin created by Pre_Scan)
O:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive D:] : Hidden : 155 | Restored : 155
~ [Drive E:] : Hidden : 3 | Restored : 3
~ [Drive G:] : Hidden : 1 | Restored : 1
~ [Drive L:] : Hidden : 6 | Restored : 6
~ [Drive C:] : Hidden : 2 | Restored : 2
~ [Program Files] : Hidden : 2 | Restored : 2
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 157 | Restored : 157
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 41 | Restored : 39
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 175 | Restored : 175

¤¤¤¤¤¤¤¤¤¤ # Drives

Disk: 0 Size=238G

Pos MBRndx Type/Name  Size Active Hide Start Sector      Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
0   0      27-UNKNWN  13G  No     No          2,048   27,262,976
1   1      07-NTFS    4.2G Yes    No     27,265,024    8,593,408
2   2      0F-EXTEND  221G No     No     35,860,417  452,515,583

End : 21:07:47

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤