¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 7_31.01.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 11:40:13 03/07/2017
Updated 31/01/2017 | 09.05 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html
[jean- (Administrator)] - [DESKTOP-CGKKC4S]
SID = S-1-5-21-4275793218-1861141300-609153107-1001
Boot: Normal boot
System : Windows 10 Home (32 bits) Core
ProcessorNameString : Intel(R) Atom(TM) CPU Z3735F @ 1.33GHz
Identifier : x86 Family 6 Model 55 Stepping 8
CoreTemp : -1 Celsius - Max : Celsius
Memory RAM = Total (MB) : 2033 | Free (MB) : 938
Pagefile = Total (MB) : 4130 | Free (MB) : 3086
Virtual = Total (MB) : 2097 | Free (MB) : 1886

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

¤¤¤¤¤¤¤¤¤¤¤ # Drives
Z:\-> [Network] | [] | Total : 3.7 Go | Free : 0 Go ->
Y:\-> [Network] | [] | Total : 30.02 Go | Free : 0.16 Go ->
E:\-> [Removable] | [FRAMA SALIX] | Total : 28.78 Go | Free : 5.24 Go -> FAT32 [USB]
D:\-> [Removable] | [HMP KICKSTA] | Total : 57.55 Go | Free : 21.64 Go -> FAT32 [USB]
C:\-> [Fixed] | [Windows] | Total : 28.62 Go | Free : 0.36 Go -> NTFS (SSD) [SD]

¤¤¤¤¤¤¤¤¤¤ # Windows updates
Microsoft : +

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\WINDOWS\system32\config\systemprofile
C:\WINDOWS\ServiceProfiles\LocalService
C:\WINDOWS\ServiceProfiles\NetworkService
C:\Users\defaultuser0
C:\Users\jean-

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [07.03.2017 @ 11_35_34])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.14393.0 (© Microsoft Corporation.)
FF : 51.0.1.6234 (©Firefox and Mozilla Developers; available under the MPL 2 license.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 24.0.0.221

¤¤¤¤¤¤¤¤¤¤ # Security
AV : Windows Defender Enabled
AS : Fix-It Anti-Virus Disabled
FW : adaware firewall Disabled
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
1976 | [Owner : |Parent : 760] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.14393.351) = C:\Windows\System32\spoolsv.exe
2056 | [Owner : |Parent : 760] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.10.14393.0) = C:\Program Files\Windows Defender\MsMpEng.exe
2664 | [Owner : LogonSessionId_0_161553 |Parent : 760] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.14393.206) = C:\Windows\System32\SearchIndexer.exe
3372 | [Owner : |Parent : 760] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.10.14393.0) = C:\Program Files\Windows Defender\NisSrv.exe
1560 | [Owner : jean- |Parent : 760] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe
4736 | [Owner : SERVICE RÉSEAU |Parent : 4664] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.10.14393.0) = C:\Program Files\Windows Defender\MpCmdRun.exe
6292 | [Owner : Système |Parent : 704] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.14393.447) = C:\Windows\System32\fontdrvhost.exe
5220 | [Owner : jean- |Parent : 1748] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe
9464 | [Owner : jean- |Parent : 5220] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.479) = C:\Windows\explorer.exe
6972 | [Owner : jean- |Parent : 864] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.447) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
9344 | [Owner : jean- |Parent : 9464] - (. - .) - (0.0.0.0) = C:\Program Files\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe
7484 | [Owner : jean- |Parent : 864] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.693) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
5496 | [Owner : jean- |Parent : 864] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe
4636 | [Owner : jean- |Parent : 1748] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe
7648 | [Owner : jean- |Parent : 864] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.14393.594) = C:\Windows\System32\SettingSyncHost.exe
7836 | [Owner : jean- |Parent : 9464] - (.Mozilla Corporation - Firefox.) - (51.0.1.6234) = C:\Program Files\Mozilla Firefox\firefox.exe
3192 | [Owner : jean- |Parent : 7836] - (.Mozilla Corporation - Firefox.) - (51.0.1.6234) = C:\Program Files\Mozilla Firefox\firefox.exe
7108 | [Owner : jean- |Parent : 864] - (.Microsoft Corporation - Reminders WinRT OOP Server.) - (10.0.14393.693) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
3800 | [Owner : SERVICE LOCAL |Parent : 1236] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.14393.0) = C:\Windows\System32\WUDFHost.exe
7600 | [Owner : jean- |Parent : 9464] - (.Microsoft Corp. - Bing Desktop Application.) - (1.4.167.0) = C:\Program Files\Microsoft\BingDesktop\BingDesktop.exe
8048 | [Owner : jean- |Parent : 864] - (.Microsoft Corporation - Virtual Disk Service Loader.) - (10.0.14393.0) = C:\Windows\System32\vdsldr.exe
8392 | [Owner : jean- |Parent : 864] - (.Microsoft Corporation - SmartScreen.) - (10.0.14393.321) = C:\Windows\System32\smartscreen.exe
988 | [Owner : jean- |Parent : 1748] - (.IObit - Advanced SystemCare 10.) - (10.2.0.721) = C:\Program Files\IObit\Advanced SystemCare\ASC.exe
8736 | [Owner : jean- |Parent : 988] - (.IObit - Advanced SystemCare 10.) - (10.0.1.3117) = C:\Program Files\IObit\Advanced SystemCare\ASCTray.exe
8996 | [Owner : jean- |Parent : 6068] - (.IObit - UninstallerMonitor.) - (6.2.1.406) = C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
6544 | [Owner : LogonSessionId_0_9914999 |Parent : 760] - (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (10.0.14393.479) = C:\Windows\servicing\TrustedInstaller.exe
4504 | [Owner : Système |Parent : 864] - (.Microsoft Corporation - Windows Modules Installer Worker.) - (10.0.14393.693) = C:\Windows\WinSxS\x86_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.693_none_e6e0ba45ad01c789\TiWorker.exe
3312 | [Owner : jean- |Parent : 1644] - (. - .) - (12.0.649.11190) = C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.0.649.11190\AdAwareTray.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\DnsCache]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 4 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4275793218-1861141300-609153107-1001\$IAUZWEK.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4275793218-1861141300-609153107-1001\$IMZ8RQN.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4275793218-1861141300-609153107-1001\$RAUZWEK.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4275793218-1861141300-609153107-1001\$RMZ8RQN.exe
Deleted : HKLM\Software\adaware
Moved to quarantine successfully : Z:\DTVP30_Launcher.exe
Moved to quarantine successfully : Y:\start commandline scanner.exe
Moved to quarantine successfully : Y:\start emergency kit scanner.exe
Moved to quarantine successfully : Y:\DTVP30_Launcher.exe
Moved to quarantine successfully : Y:\pcmover_fr_10.exe
Moved to quarantine successfully : D:\Kickstarter.exe

¤¤¤¤¤¤¤¤¤¤ # ADS
Prefetch -> cleaned
D:\ : Vaccinated (Vaccin created by Usbfix)
E:\ : Vaccinated (Vaccin created by Usbfix)
Y:\ : Vaccinated (Vaccin created by Pre_Scan)
Z:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive C:] : Hidden : 4 | Restored : 4
~ [Program Files] : Hidden : 132 | Restored : 13
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 3 | Restored : 3
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 132 | Restored : 126
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 179 | Restored : 179

¤¤¤¤¤¤¤¤¤¤ # Drives
Error: 23: - No Disk Identified, or Insufficient User Priviledges

End : 13:32:16
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤