¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_29.06.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 03:01:32 Updated 29/06/2016 | 13.25 by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html [Cedric (Administrator)] - [PC-CED] SID = S-1-5-21-4256550607-910914473-3542436597-1001 Boot: Normal boot System : Windows 10 Home (64 bits) Core ProcessorNameString : Intel(R) Core(TM) i5-4200H CPU @ 2.80GHz Identifier : Intel64 Family 6 Model 60 Stepping 3 CoreTemp : 57 Celsius - Max : 103 Celsius Memory RAM = Total (MB) : 8269 | Free (MB) : 6272 Pagefile = Total (MB) : 10104 | Free (MB) : 8224 Virtual = Total (MB) : 4194 | Free (MB) : 3973 ¤¤¤¤¤¤¤¤¤¤ # Components of starting up ¤¤¤¤¤¤¤¤¤¤¤ # Drives D:\-> [Fixed] | [Data] | Total : 537.8 Go | Free : 35.12 Go -> NTFS [SATA] C:\-> [Fixed] | [OS] | Total : 372.6 Go | Free : 160.65 Go -> NTFS [SATA] ¤¤¤¤¤¤¤¤¤¤ # Windows updates No detected update !!! Microsoft : + ¤¤¤¤¤¤¤¤¤¤ # Sessions C:\WINDOWS\system32\config\systemprofile C:\WINDOWS\ServiceProfiles\LocalService C:\WINDOWS\ServiceProfiles\NetworkService C:\Users\Cédric Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [18.07.2016 @ 03_00_28]) To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore ¤¤¤¤¤¤¤¤¤¤ # Browsers IE : 11.0.10586.494 (© Microsoft Corporation.) FF : 44.0.1.5879 (©Firefox and Mozilla Developers; available under the MPL 2 license.) GC : 52.0.2743.75 (Copyright 2016 Google Inc.) 
¤¤¤¤¤¤¤¤¤¤ # FlashPlayer ActiveX : 22.0.0.209 Plugin : 22.0.0.209 ¤¤¤¤¤¤¤¤¤¤ # Security AM : Malwarebytes Anti-Malware (2.3.173.0) [] FW : WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Auto(2)] = Running FW: Windows FireWall Service [Auto(2)] = Running ¤¤¤¤¤¤¤¤¤¤ # Stopped processes 1040 | [Owner : |Parent : 744] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 368.81.) - (8.17.13.6881) = C:\Windows\System32\nvvsvc.exe 1144 | [Owner : |Parent : 744] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4256) = C:\Windows\System32\igfxCUIService.exe 1320 | [Owner : |Parent : 1040] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.6881) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe 1596 | [Owner : |Parent : 744] - (.ASUSTek Computer Inc. - ASLDR Service.) - (1.0.81.2) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe 1604 | [Owner : |Parent : 744] - (.ASUS - GFNEXSrv.) - (1.0.11.1) = C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 1688 | [Owner : |Parent : 744] - (.Intel Corporation - IntelCpHeciSvc Executable.) - (9.0.31.9000) = C:\Windows\SysWOW64\IntelCpHeciSvc.exe 1744 | [Owner : |Parent : 744] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.10586.122) = C:\Windows\System32\spoolsv.exe 2088 | [Owner : Système |Parent : 744] - (.NVIDIA Corporation - NVIDIA GeForce ExperienceService.) - (2.11.4.0) = C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe 2096 | [Owner : Système |Parent : 744] - (.ASUS Cloud Corporation - Asus WebStorage Windows Service.) - (1.0.0.0) = C:\Program Files (x86)\ASUS\WebStorage\2.1.2.301\AsusWSWinService.exe 2104 | [Owner : Système |Parent : 744] - (.Broadcom Corporation. - Bluetooth Support Server.)
- (12.0.1.940) = C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe 2116 | [Owner : Système |Parent : 744] - (.Microsoft Corporation - Microsoft Office Click-to-Run.) - (15.0.4833.1001) = C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe 2128 | [Owner : Système |Parent : 744] - (.Western Digital Technologies, Inc. - WD Drive Service.) - (2.3.1.4) = C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe 2256 | [Owner : Système |Parent : 744] - (.Intel(R) Corporation - Intel(R) Capability Licensing Service Interface.) - (1.31.8.1) = C:\Program Files\Intel\iCLS Client\HeciServer.exe 2312 | [Owner : Système |Parent : 744] - (.NVIDIA Corporation - NVIDIA Streamer Service.) - (7.1.2084.9592) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe 2360 | [Owner : Système |Parent : 744] - (. - .) - (0.0.0.0) = C:\Windows\SysWOW64\PnkBstrA.exe 2424 | [Owner : Système |Parent : 744] - (. - Intel(R) System Usage Report.) - (1.2.1.1313) = C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe 2436 | [Owner : Système |Parent : 744] - (. - .) - (0.0.0.0) = C:\Windows\SysWOW64\PnkBstrB.exe 2448 | [Owner : Système |Parent : 744] - (.ELAN Microelectronics Corp. - Elan Service.) - (11.10.8.3) = C:\Program Files\Elantech\ETDService.exe 2484 | [Owner : |Parent : 744] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.9.10586.494) = C:\Program Files\Windows Defender\MsMpEng.exe 2492 | [Owner : Système |Parent : 744] - (.NVIDIA Corporation - NVIDIA Network Service.) - (2.4.13.69) = C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe 2544 | [Owner : Système |Parent : 744] - (.DEVGURU Co., LTD. - MSS CS Connectivity Service.) - (2.5.5.0) = C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe 2600 | [Owner : Système |Parent : 744] - (.Broadcom Corporation. - Bluetooth Radio Management Support.) 
- (12.0.0.8048) = C:\Windows\System32\BtwRSupportService.exe 2728 | [Owner : Système |Parent : 744] - (.Apple Inc. - Bonjour Service.) - (3.0.0.10) = C:\Program Files\Bonjour\mDNSResponder.exe 3008 | [Owner : Système |Parent : 744] - (.Western Digital Technologies, Inc. - WD Backup Engine.) - (2.0.0.15) = C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe 3140 | [Owner : SERVICE LOCAL |Parent : 288] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.10586.0) = C:\Windows\System32\dasHost.exe 3756 | [Owner : LogonSessionId_0_188539 |Parent : 744] - (.Microsoft Corporation - Service de la passerelle de la couche Application.) - (10.0.10586.0) = C:\Windows\System32\alg.exe 2692 | [Owner : SERVICE RÉSEAU |Parent : 744] - (.NVIDIA Corporation - NVIDIA Network Stream Service.) - (7.1.2084.9592) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe 4864 | [Owner : Système |Parent : 1596] - (.ASUSTek Computer Inc. - HControl.) - (1.0.82.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe 4984 | [Owner : Cedric |Parent : 2448] - (.ELAN Microelectronics Corp. - ETD Control Center.) - (11.66.8.7) = C:\Program Files\Elantech\ETDCtrl.exe 2532 | [Owner : Cedric |Parent : 940] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.10586.0) = C:\Windows\System32\sihost.exe 4712 | [Owner : Cedric |Parent : 940] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.10586.0) = C:\Windows\System32\taskhostw.exe 4772 | [Owner : Cedric |Parent : 940] - (.ASUS - Power4Gear Hybrid.) - (2.2.0.0) = C:\Program Files\ASUS\P4G\BatteryLife.exe 4932 | [Owner : Cedric |Parent : 940] - (.ASUS - ACMON .) - (1.0.8.0) = C:\Program Files (x86)\ASUS\Splendid\ACMON.exe 5020 | [Owner : LogonSessionId_0_285736 |Parent : 744] - (.Microsoft Corporation - PresentationFontCache.exe.) 
- (3.0.6920.8693) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe 4908 | [Owner : Cedric |Parent : 940] - (.ASUSTek Computer Inc. - ASUS USB Charger Plus.) - (3.1.9.4) = C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe 4860 | [Owner : Système |Parent : 4864] - (.ASUSTek Computer Inc. - KBFiltr.) - (1.0.67.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe 5692 | [Owner : Cedric |Parent : 860] - (.Microsoft Corporation - Runtime Broker.) - (10.0.10586.0) = C:\Windows\System32\RuntimeBroker.exe 5992 | [Owner : Cedric |Parent : 5672] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.10586.494) = C:\Windows\explorer.exe 5860 | [Owner : Cedric |Parent : 860] - (.Microsoft Corporation - Reminders WinRT OOP Server.) - (10.0.10586.494) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe 5148 | [Owner : Cedric |Parent : 5168] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4256) = C:\Windows\System32\igfxEM.exe 4780 | [Owner : Cedric |Parent : 5168] - (.Intel Corporation - igfxHK Module.) - (6.15.10.4256) = C:\Windows\System32\igfxHK.exe 2468 | [Owner : Cedric |Parent : 2464] - (.ASUSTek Computer Inc. - ATK Media.) - (2.0.19.3) = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe 5316 | [Owner : Cedric |Parent : 2516] - (.ASUSTek Computer Inc. - ATKOSD2.) - (7.0.30.3) = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe 4852 | [Owner : Système |Parent : 5248] - (.Google Inc. - Google Crash Handler.) - (1.3.30.3) = C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe 5388 | [Owner : Système |Parent : 5248] - (.Google Inc. - Google Crash Handler.) - (1.3.30.3) = C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe 6636 | [Owner : Cedric |Parent : 860] - (.Microsoft Corporation - Windows Shell Experience Host.) 
- (10.0.10586.494) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 6968 | [Owner : Cedric |Parent : 1320] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.6881) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 6804 | [Owner : Cedric |Parent : 6968] - (.NVIDIA Corporation - NVIDIA Backend.) - (20.16.6.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 6508 | [Owner : LogonSessionId_0_570985 |Parent : 744] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.10586.494) = C:\Windows\System32\SearchIndexer.exe 7832 | [Owner : Cedric |Parent : 860] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.10586.494) = C:\Windows\System32\SettingSyncHost.exe 8080 | [Owner : Cedric |Parent : 5992] - (.© 2015 Microsoft Corporation - Microsoft Bing Service.) - (1.0.6.0) = C:\Users\Cédric\AppData\Local\Microsoft\BingSvc\BingSvc.exe 2800 | [Owner : Cedric |Parent : 5992] - (.Spotify Ltd - SpotifyWebHelper.) - (1.0.33.106) = C:\Users\Cédric\AppData\Roaming\Spotify\SpotifyWebHelper.exe 5012 | [Owner : Cedric |Parent : 5992] - (.Flux Software LLC - f.lux.) - (3.10.0.1) = C:\Users\Cédric\AppData\Local\FluxSoftware\Flux\flux.exe 6368 | [Owner : Cedric |Parent : 7460] - (.Western Digital Technologies, Inc. - WD Quick View.) - (3.2.4.23) = C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe 4628 | [Owner : Système |Parent : 660] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.10586.420) = C:\Windows\System32\fontdrvhost.exe 7812 | [Owner : Cedric |Parent : 744] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.10586.0) = C:\Windows\System32\svchost.exe 7668 | [Owner : Cedric |Parent : 7652] - (.Intel Corporation - IAStorIcon.) - (14.10.0.1016) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe 7492 | [Owner : Système |Parent : 744] - (.Intel Corporation - IAStorDataSvc.) 
- (14.10.0.1016) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 3056 | [Owner : Système |Parent : 744] - (.Intel Corporation - Intel(R) ME Service.) - (9.5.10.1628) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe 9160 | [Owner : Système |Parent : 744] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (9.5.12.1682) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 7648 | [Owner : Système |Parent : 744] - (.Intel Corporation - Intel(R) Local Management Service.) - (9.5.10.1628) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 11912 | [Owner : Cedric |Parent : 5992] - (.Valve Corporation - Steam Client Bootstrapper.) - (3.53.1.42) = D:\Jeux\Steam\Steam.exe 11084 | [Owner : Cedric |Parent : 11912] - (.Valve Corporation - Steam Client WebHelper.) - (3.53.1.42) = D:\Jeux\Steam\bin\steamwebhelper.exe 9268 | [Owner : Système |Parent : 744] - (.Valve Corporation - Steam Client Service.) - (3.53.1.42) = C:\Program Files (x86)\Common Files\Steam\SteamService.exe 8812 | [Owner : Cedric |Parent : 5992] - (.Microsoft Corporation - Windows Defender User Interface.) - (4.9.10586.494) = C:\Program Files\Windows Defender\MSASCui.exe 6612 | [Owner : Cedric |Parent : 860] - (.Microsoft Corporation - Application Frame Host.) - (10.0.10586.0) = C:\Windows\System32\ApplicationFrameHost.exe 11928 | [Owner : Cedric |Parent : 5992] - (.Spotify Ltd - Spotify.) - (1.0.33.106) = C:\Users\Cédric\AppData\Roaming\Spotify\Spotify.exe 8160 | [Owner : Cedric |Parent : 11928] - (.Spotify Ltd - SpotifyCrashService.) - (1.0.33.106) = C:\Users\Cédric\AppData\Roaming\Spotify\SpotifyCrashService.exe 4484 | [Owner : Cedric |Parent : 11928] - (.Spotify Ltd - Spotify.) - (1.0.33.106) = C:\Users\Cédric\AppData\Roaming\Spotify\Spotify.exe 9640 | [Owner : Cedric |Parent : 11928] - (.Spotify Ltd - Spotify.) 
- (1.0.33.106) = C:\Users\Cédric\AppData\Roaming\Spotify\Spotify.exe 11852 | [Owner : Système |Parent : 2312] - (.NVIDIA Corporation - NVIDIA Streamer User Agent.) - (7.1.2084.9592) = C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe 12512 | [Owner : Cedric |Parent : 860] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.10586.494) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 13928 | [Owner : Cedric |Parent : 940] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.10586.0) = C:\Windows\System32\taskhostw.exe 4700 | [Owner : Cedric |Parent : 5992] - (.Google Inc. - Google Chrome.) - (52.0.2743.75) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 12796 | [Owner : Cedric |Parent : 4700] - (.Google Inc. - Google Chrome.) - (52.0.2743.75) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 1336 | [Owner : Cedric |Parent : 4700] - (.Google Inc. - Google Chrome.) - (52.0.2743.75) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 12268 | [Owner : Cedric |Parent : 5992] - (.Microsoft Corporation - Microsoft Management Console.) - (10.0.10586.0) = C:\Windows\System32\mmc.exe 13880 | [Owner : Système |Parent : 940] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.10586.0) = C:\Windows\System32\taskhostw.exe ¤¤¤¤¤¤¤¤¤¤ # Winlogon user ¤¤¤¤¤¤¤¤¤¤ # Winlogon machine Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : C:\WINDOWS\system32\userinit.exe, -> C:\WINDOWS\SYSWOW64\userinit.exe, ¤¤¤¤¤¤¤¤¤¤ # SafeBoot Safeboot Keys are O.K Alternate shell is OK ! 
¤¤¤¤¤¤¤¤¤¤ # IFEO ¤¤¤¤¤¤¤¤¤¤ # Mountpoints2 ¤¤¤¤¤¤¤¤¤¤ # Windows [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon ¤¤¤¤¤¤¤¤¤¤ # Security center Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]~[EnableFirewall] : 0 -> 1 Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]~[EnableFirewall] : 0 -> 1 ¤¤¤¤¤¤¤¤¤¤ # Services Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 0 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2 ¤¤¤¤¤¤¤¤¤¤ # Internet Explorer ¤¤¤¤¤¤¤¤¤¤ # reparsepoint ¤¤¤¤¤¤¤¤¤¤ # Offsets ¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry Moved to quarantine successfully :
C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$IC511L0.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$IES8E9O.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$IFJJRE6.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$IH7Z1P9.dll Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$IPGDXWE.dll Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$IPS4783.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$IUN31R2.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$IWVDKOO.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$IXVI2N0.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$IZZHEG2.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$RC511L0.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$RES8E9O.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$RFJJRE6.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$RH7Z1P9.dll Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$RPGDXWE.dll Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$RPS4783.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$RUN31R2.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$RWVDKOO.exe Moved to quarantine successfully : 
C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$RXVI2N0.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4256550607-910914473-3542436597-1001\$RZZHEG2.exe Deleted : HKLM\Software\WOW6432Node\deep silver Moved to quarantine successfully : C:\Users\Cédric\AppData\Local\DSI.DAT Will be moved in quarantine at reboot : D:\msdownld.tmp ¤¤¤¤¤¤¤¤¤¤ # ADS Prefetch -> cleaned D:\ : Vaccinated (Vaccin created by Pre_Scan) ¤¤¤¤¤¤¤¤¤¤ | Hidden files ~ [Drive D:] : Hidden : 23 | Restored : 23 ~ [Drive C:] : Hidden : 4 | Restored : 4 ~ [Program Files] : Hidden : 2 | Restored : 2 ~ [Users] : Hidden : 23 | Restored : 23 ~ [Documents] : Hidden : 3 | Restored : 3 ~ [Desktop] : Hidden : 1 | Restored : 1 ~ [Searches] : Hidden : 2 | Restored : 2 ~ [Windows] : Hidden : 56 | Restored : 49 ~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1 ~ [AppData] : Hidden : 12 | Restored : 12 ¤¤¤¤¤¤¤¤¤¤ # Drives Disk: 0 Size=954G Pos MBRndx Type/Name Size Active Hide Start Sector Sectors --- ------ ---------- ---- ------ ---- ------------ ------------ 0 0 EE-UNKNWN 21.0T No No 1 294,967,295 ¤¤¤¤¤¤¤¤¤¤ Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1 Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : -> 1 End : 03:28:04 ¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤