¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 7_10.01.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 20:26:03 01/20/2017

Updated 10/01/2017 | 10.20 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[jean- (Administrator)] - [DESKTOP-IKGHE9A]
SID = S-1-5-21-3105433554-2957193542-3052483645-1001
Boot: Normal boot
System : Windows 10 Pro (64 bits) Professional
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius

Memory RAM = Total (MB) : 3748 | Free (MB) : 2688
Pagefile = Total (MB) : 3748 | Free (MB) : 2788
Virtual = Total (MB) : 4194 | Free (MB) : 3984

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

¤¤¤¤¤¤¤¤¤¤¤ # Drives

M:\ -> [Removable] | [wintobootic] | Total : 119.5 Go | Free : 106.69 Go -> NTFS [USB]
K:\ -> [Removable] | [EMTECH YUMI] | Total : 57.68 Go | Free : 0.34 Go -> FAT32 [USB]
I:\ -> [Removable] | [montre espi] | Total : 7.32 Go | Free : 0 Go -> FAT32 [USB]
H:\ -> [Fixed] | [zalman ZM- VE350] | Total : 931.06 Go | Free : 51.57 Go -> NTFS [USB]
F:\ -> [Removable] | [sandisk con] | Total : 119.06 Go | Free : 16.13 Go -> exFAT [USB]
E:\ -> [CDROM] | [934312268-1] | Total : 0.7 Go | Free : 0 Go -> CDFS [SATA]
D:\ -> [Fixed] | [WinToUSB] | Total : 115.59 Go | Free : 0.48 Go -> NTFS [USB]
C:\ -> [Fixed] | [WinToUSB] | Total : 115 Go | Free : 104.23 Go -> NTFS [FileBackedVirtual]

¤¤¤¤¤¤¤¤¤¤ # Windows updates

Microsoft : +

¤¤¤¤¤¤¤¤¤¤ # Sessions

C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\jean-

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore'
Restore the register (C:\Pre_Scan\Save\Registry [20.01.2017 @ 20_25_18])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers

IE : 11.0.10240.16412 (© Microsoft Corporation. Tous droits réservés.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

ActiveX : 18.0.0.228

¤¤¤¤¤¤¤¤¤¤ # Security

FW : WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes

1348 | [Owner : |Parent : 588] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.10240.16384) = C:\Windows\System32\spoolsv.exe
1596 | [Owner : |Parent : 588] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.8.10240.16384) = C:\Program Files\Windows Defender\MsMpEng.exe
3204 | [Owner : LogonSessionId_0_287275 |Parent : 588] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.10240.16392) = C:\Windows\System32\SearchIndexer.exe
3552 | [Owner : jean- |Parent : 364] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10240.16384) = C:\Windows\System32\sihost.exe
3772 | [Owner : jean- |Parent : 364] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.10240.16384) = C:\Windows\System32\taskhostw.exe
2548 | [Owner : jean- |Parent : 3348] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10240.16601) = C:\Windows\explorer.exe
1648 | [Owner : jean- |Parent : 680] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.10240.16384) = C:\Windows\System32\SettingSyncHost.exe
396 | [Owner : jean- |Parent : 588] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10240.16384) = C:\Windows\System32\svchost.exe
2320 | [Owner : jean- |Parent : 680] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10240.16384) = C:\Windows\System32\RuntimeBroker.exe
5060 | [Owner : SERVICE LOCAL |Parent : 468] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.10240.16384) = C:\Windows\System32\dasHost.exe
4600 | [Owner : SERVICE LOCAL |Parent : 468] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.10240.16384) = C:\Windows\System32\WUDFHost.exe
4988 | [Owner : Système |Parent : 1072] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.10240.16485) = C:\Windows\System32\fontdrvhost.exe
4448 | [Owner : jean- |Parent : 680] - (.Microsoft Corporation - Application Frame Host.) - (10.0.10240.16384) = C:\Windows\System32\ApplicationFrameHost.exe
3324 | [Owner : jean- |Parent : 680] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.10240.16425) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
2024 | [Owner : jean- |Parent : 680] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.10240.16431) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
5852 | [Owner : LogonSessionId_0_5884508 |Parent : 588] - (.Microsoft Corporation - Service de disque virtuel.) - (10.0.10240.16384) = C:\Windows\System32\vds.exe
2108 | [Owner : Système |Parent : 3204] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.10240.16384) = C:\Windows\System32\SearchFilterHost.exe
4212 | [Owner : Système |Parent : 3204] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.10240.16431) = C:\Windows\System32\SearchProtocolHost.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : -> C:\Windows\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot

Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

Content of K:\AUTORUN.INF :
Content of I:\AUTORUN.INF : caacaacaacaacaa

¤¤¤¤¤¤¤¤¤¤ # Windows

[HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\Windows\System32\ActionCenter.dll

¤¤¤¤¤¤¤¤¤¤ # Services

Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 0 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 7_10.01.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 08:31:37 01/21/2017

Updated 10/01/2017 | 10.20 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[jean- (Administrator)] - [DESKTOP-IKGHE9A]
SID = S-1-5-21-3105433554-2957193542-3052483645-1001
Boot: Normal boot
System : Windows 10 Pro (64 bits) Professional
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius

Memory RAM = Total (MB) : 3748 | Free (MB) : 2820
Pagefile = Total (MB) : 3748 | Free (MB) : 2910
Virtual = Total (MB) : 4194 | Free (MB) : 3983

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

¤¤¤¤¤¤¤¤¤¤¤ # Drives

M:\ -> [Removable] | [wintobootic] | Total : 119.5 Go | Free : 106.69 Go -> NTFS [USB]
K:\ -> [Removable] | [EMTECH YUMI] | Total : 57.68 Go | Free : 0.34 Go -> FAT32 [USB]
I:\ -> [Removable] | [montre espi] | Total : 7.32 Go | Free : 0 Go -> FAT32 [USB]
H:\ -> [Fixed] | [zalman ZM- VE350] | Total : 931.06 Go | Free : 51.57 Go -> NTFS [USB]
F:\ -> [Removable] | [sandisk con] | Total : 119.06 Go | Free : 16.13 Go -> exFAT [USB]
E:\ -> [CDROM] | [934312268-1] | Total : 0.7 Go | Free : 0 Go -> CDFS [SATA]
D:\ -> [Fixed] | [WinToUSB] | Total : 115.59 Go | Free : 0.48 Go -> NTFS [USB]
C:\ -> [Fixed] | [WinToUSB] | Total : 115 Go | Free : 98.98 Go -> NTFS [FileBackedVirtual]

¤¤¤¤¤¤¤¤¤¤ # Windows updates

Microsoft : +

¤¤¤¤¤¤¤¤¤¤ # Sessions

C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\jean-

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore'
Restore the register (C:\Pre_Scan\Save\Registry [21.01.2017 @ 08_30_46])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers

IE : 11.0.10240.17202 (© Microsoft Corporation. Tous droits réservés.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

ActiveX : 24.0.0.194

¤¤¤¤¤¤¤¤¤¤ # Security

FW : WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes

1348 | [Owner : |Parent : 588] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.10240.16384) = C:\Windows\System32\spoolsv.exe
1596 | [Owner : |Parent : 588] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.8.10240.16384) = C:\Program Files\Windows Defender\MsMpEng.exe
3204 | [Owner : LogonSessionId_0_287275 |Parent : 588] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.10240.16392) = C:\Windows\System32\SearchIndexer.exe
3552 | [Owner : jean- |Parent : 364] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10240.16384) = C:\Windows\System32\sihost.exe
3772 | [Owner : jean- |Parent : 364] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.10240.16384) = C:\Windows\System32\taskhostw.exe
2548 | [Owner : jean- |Parent : 3348] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10240.16601) = C:\Windows\explorer.exe
1648 | [Owner : jean- |Parent : 680] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.10240.16384) = C:\Windows\System32\SettingSyncHost.exe
396 | [Owner : jean- |Parent : 588] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10240.16384) = C:\Windows\System32\svchost.exe
2320 | [Owner : jean- |Parent : 680] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10240.16384) = C:\Windows\System32\RuntimeBroker.exe
5060 | [Owner : SERVICE LOCAL |Parent : 468] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.10240.16384) = C:\Windows\System32\dasHost.exe
4600 | [Owner : SERVICE LOCAL |Parent : 468] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.10240.16384) = C:\Windows\System32\WUDFHost.exe
4988 | [Owner : Système |Parent : 1072] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.10240.16485) = C:\Windows\System32\fontdrvhost.exe
4448 | [Owner : jean- |Parent : 680] - (.Microsoft Corporation - Application Frame Host.) - (10.0.10240.16384) = C:\Windows\System32\ApplicationFrameHost.exe
3324 | [Owner : jean- |Parent : 680] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.10240.16425) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
2024 | [Owner : jean- |Parent : 680] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.10240.16431) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
5852 | [Owner : LogonSessionId_0_5884508 |Parent : 588] - (.Microsoft Corporation - Service de disque virtuel.) - (10.0.10240.16384) = C:\Windows\System32\vds.exe
2108 | [Owner : Système |Parent : 3204] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.10240.16384) = C:\Windows\System32\SearchFilterHost.exe
4212 | [Owner : Système |Parent : 3204] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.10240.16431) = C:\Windows\System32\SearchProtocolHost.exe
496 | [Owner : |Parent : 684] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe
1448 | [Owner : |Parent : 684] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.48) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
1540 | [Owner : |Parent : 1448] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.159) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1724 | [Owner : |Parent : 684] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.10240.17113) = C:\Windows\System32\spoolsv.exe
1664 | [Owner : SERVICE LOCAL |Parent : 988] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.10240.16384) = C:\Windows\System32\dasHost.exe
1408 | [Owner : Système |Parent : 684] - (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2400 | [Owner : |Parent : 684] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.8.10240.17202) = C:\Program Files\Windows Defender\MsMpEng.exe
2500 | [Owner : LogonSessionId_0_939740 |Parent : 684] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.10240.17184) = C:\Windows\System32\SearchIndexer.exe
2852 | [Owner : Système |Parent : 496] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe
2928 | [Owner : jean- |Parent : 920] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10240.16384) = C:\Windows\System32\sihost.exe
1320 | [Owner : jean- |Parent : 920] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.10240.16384) = C:\Windows\System32\taskhostw.exe
640 | [Owner : jean- |Parent : 2044] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10240.17202) = C:\Windows\explorer.exe
2776 | [Owner : jean- |Parent : 776] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10240.16384) = C:\Windows\System32\RuntimeBroker.exe
2004 | [Owner : jean- |Parent : 776] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.10240.17202) = C:\Windows\System32\SettingSyncHost.exe
3296 | [Owner : jean- |Parent : 776] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.10240.16766) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
3400 | [Owner : jean- |Parent : 776] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.10240.17202) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
3396 | [Owner : jean- |Parent : 640] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6720.1207) = C:\Users\jean-\AppData\Local\Microsoft\OneDrive\OneDrive.exe
3940 | [Owner : jean- |Parent : 1884] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2200 | [Owner : jean- |Parent : 3940] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Host application.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
5060 | [Owner : jean- |Parent : 776] - (.Microsoft Corporation - Application Frame Host.) - (10.0.10240.16384) = C:\Windows\System32\ApplicationFrameHost.exe
4736 | [Owner : jean- |Parent : 684] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10240.16384) = C:\Windows\System32\svchost.exe
5052 | [Owner : jean- |Parent : 776] - (.Microsoft Corporation - Store.) - (11602.1.26.0) = C:\Program Files\WindowsApps\Microsoft.WindowsStore_11602.1.26.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

¤¤¤¤¤¤¤¤¤¤ # SafeBoot

Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

Content of K:\AUTORUN.INF :
Content of I:\AUTORUN.INF : caacaacaacaacaa

¤¤¤¤¤¤¤¤¤¤ # Windows

[HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

¤¤¤¤¤¤¤¤¤¤ # Services

Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets