¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_20.07.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 17:45:16 Updated 20/07/2016 | 00.20 by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html [Jean-Marie (Administrator)] - [100P100_S_FIN] SID = S-1-5-21-333624727-3628993747-300940260-1001 Boot: Normal boot System : Windows 10 Home (64 bits) Core ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics Identifier : AMD64 Family 20 Model 2 Stepping 0 CoreTemp : -1 Celsius - Max : Celsius Memory RAM = Total (MB) : 3748 | Free (MB) : 2335 Pagefile = Total (MB) : 4157 | Free (MB) : 2576 Virtual = Total (MB) : 4194 | Free (MB) : 3990 ¤¤¤¤¤¤¤¤¤¤ # Components of starting up C:\WINDOWS\Setup\Scripts\setupcomplete.cmd ¤¤¤¤¤¤¤¤¤¤¤ # Drives X:\-> [Removable] | [NO NAME] | Total : 59.48 Go | Free : 17.61 Go -> FAT32 [USB] S:\-> [Fixed] | [My Passport] | Total : 2794.49 Go | Free : 726.07 Go -> NTFS [USB] M:\-> [Removable] | [] | Total : 30.02 Go | Free : 2.03 Go -> FAT32 [USB] L:\-> [Removable] | [FRAMAKEY SA] | Total : 28.78 Go | Free : 24.99 Go -> FAT32 [USB] K:\-> [Removable] | [FramaLive] | Total : 14.41 Go | Free : 8.51 Go -> FAT32 [USB] J:\-> [Removable] | [HITMANPRO] | Total : 1.86 Go | Free : 1.69 Go -> FAT32 [USB] H:\-> [Removable] | [FRAMAKEY UB] | Total : 57.64 Go | Free : 51.43 Go -> FAT32 [USB] D:\-> [Fixed] | [Recovery Image] | Total : 13.06 Go | Free : 1.6 Go -> NTFS [SATA] C:\-> [Fixed] | [OS] | Total : 916.54 Go | Free : 846.99 Go -> NTFS [SATA] ¤¤¤¤¤¤¤¤¤¤ # Windows updates No detected update !!! 
Microsoft : + ¤¤¤¤¤¤¤¤¤¤ # Sessions C:\WINDOWS\system32\config\systemprofile C:\WINDOWS\ServiceProfiles\LocalService C:\WINDOWS\ServiceProfiles\NetworkService C:\Users\Jean-Marie C:\Users\DefaultAppPool Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [12.08.2016 @ 17_40_51]) To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore ¤¤¤¤¤¤¤¤¤¤ # Browsers IE : 11.0.14393.0 (© Microsoft Corporation.) FF : 48.0.0.6051 (©Firefox and Mozilla Developers; available under the MPL 2 license.) ¤¤¤¤¤¤¤¤¤¤ # FlashPlayer ActiveX : 22.0.0.209 ¤¤¤¤¤¤¤¤¤¤ # Security AV : Ad-Aware Antivirus Disabled FW : Ad-Aware Firewall Disabled WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Manual(3)] = stopped FW: Windows FireWall Service [Auto(2)] = Running ¤¤¤¤¤¤¤¤¤¤ # Stopped processes 1084 | [Owner : |Parent : 656] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe 1116 | [Owner : |Parent : 1084] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe 1472 | [Owner : |Parent : 656] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.48) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe 1508 | [Owner : |Parent : 1472] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.159) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 1516 | [Owner : |Parent : 656] - (.SurfRight B.V. - HitmanPro Scheduler.) - (3.7.0.5) = C:\Program Files\HitmanPro\hmpsched.exe 1708 | [Owner : |Parent : 656] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.14393.0) = C:\Windows\System32\spoolsv.exe 2120 | [Owner : Système |Parent : 656] - (.Advanced Micro Devices, Inc. - Service Fusion Utility.) 
- (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe 2128 | [Owner : Système |Parent : 656] - (.Seiko Epson Corporation - Epson Scanner Service (64bit).) - (1.1.0.1) = C:\Windows\System32\escsvc64.exe 2264 | [Owner : Système |Parent : 656] - (.Plays.tv, LLC - Plays.tv Service.) - (1.0.0.0) = C:\Program Files (x86)\Raptr Inc\PlaysTV\plays_service.exe 2608 | [Owner : SERVICE LOCAL |Parent : 980] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.14393.0) = C:\Windows\System32\dasHost.exe 5008 | [Owner : LogonSessionId_0_289788 |Parent : 656] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.14393.0) = C:\Windows\System32\SearchIndexer.exe 3572 | [Owner : LogonSessionId_0_294581 |Parent : 656] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.14393.0) = C:\Program Files\Windows Media Player\wmpnetwk.exe 5068 | [Owner : Jean-Marie |Parent : 892] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe 6064 | [Owner : Jean-Marie |Parent : 656] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe 3524 | [Owner : Jean-Marie |Parent : 892] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe 3764 | [Owner : Jean-Marie |Parent : 728] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe 5636 | [Owner : Jean-Marie |Parent : 5512] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.0) = C:\Windows\explorer.exe 5948 | [Owner : Jean-Marie |Parent : 728] - (.Microsoft Corporation - Background Task Host.) - (10.0.14393.0) = C:\Windows\System32\backgroundTaskHost.exe 1456 | [Owner : Jean-Marie |Parent : 728] - (.Microsoft Corporation - Windows Shell Experience Host.) 
- (10.0.14393.0) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 5128 | [Owner : Jean-Marie |Parent : 728] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.51) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 5240 | [Owner : Jean-Marie |Parent : 728] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.14393.0) = C:\Windows\System32\SettingSyncHost.exe 1128 | [Owner : Jean-Marie |Parent : 728] - (.Microsoft Corporation - SmartScreen.) - (10.0.14393.0) = C:\Windows\System32\smartscreen.exe 2764 | [Owner : Jean-Marie |Parent : 5636] - (. - .) - (11.12.945.9202) = C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe 2372 | [Owner : Jean-Marie |Parent : 5636] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6390.509) = C:\Users\Jean-Marie\AppData\Local\Microsoft\OneDrive\OneDrive.exe 6328 | [Owner : Jean-Marie |Parent : 5636] - (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) - (10.0.2522.0) = S:\programfiles (x64) en file d'attente pour power2go 11 (power2go 10 portable)\Power2Go10\Power2GoExpress10.exe 6380 | [Owner : Système |Parent : 624] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.14393.0) = C:\Windows\System32\fontdrvhost.exe 6536 | [Owner : Jean-Marie |Parent : 6428] - (.CyberLink - CyberLink MediaLibray Service.) - (8.0.0.608) = C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe 6556 | [Owner : Jean-Marie |Parent : 5636] - (.PortableApps.com - PortableApps.com Platform.) - (14.1.0.0) = S:\LFS Ultra & 100% Sécurisé\hidefolder\hide_pro\LFS Ultra & 100% Sécurisé\LFS Ultra\lfs ultimate\PortableApps\PortableApps.com\PortableAppsPlatform.exe 6568 | [Owner : Jean-Marie |Parent : 6492] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) 
- (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 6604 | [Owner : Jean-Marie |Parent : 6428] - (.Wondershare - Wondershare Studio.) - (2.5.0.0) = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe 6664 | [Owner : Jean-Marie |Parent : 6428] - (.Microsoft Corp. - Bing Desktop Application.) - (1.4.167.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe 6692 | [Owner : Jean-Marie |Parent : 6428] - (.SEIKO EPSON CORPORATION - EEventManager Application.) - (3.2.0.0) = C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe 6784 | [Owner : Jean-Marie |Parent : 6428] - (.CyberLink - CyberLink MediaLibray Service.) - (10.0.0.1725) = S:\programfiles (x64) en file d'attente pour power2go 11 (power2go 10 portable)\Power2Go10\CLMLSvc_P2G10.exe 6972 | [Owner : Système |Parent : 656] - (.Disc Soft Ltd - Disc Soft Bus Service.) - (7.1.0.595) = S:\programfiles - dtpro7 power2go11 (x64)\daemon tools pro 7\DiscSoftBusService.exe 4148 | [Owner : Jean-Marie |Parent : 6568] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Host application.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 5560 | [Owner : Jean-Marie |Parent : 6328] - (.CyberLink - TrialMgr.) - (5.1.0.6309) = S:\programfiles (x64) en file d'attente pour power2go 11 (power2go 10 portable)\Power2Go10\Trial\TrialMgr.exe 2864 | [Owner : Jean-Marie |Parent : 728] - (.Microsoft Corp. - BDExtHost.exe.) - (1.4.167.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe 7124 | [Owner : Jean-Marie |Parent : 5560] - (. - Trial MFC Application.) - (5.1.0.6309) = S:\programfiles (x64) en file d'attente pour power2go 11 (power2go 10 portable)\Power2Go10\Trial\Trial.exe 5952 | [Owner : Jean-Marie |Parent : 728] - (.Microsoft Corp. - BDAppHost.exe.) - (1.4.167.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe 904 | [Owner : Jean-Marie |Parent : 728] - (.Microsoft Corp. 
- BDRuntimeHost.exe.) - (1.4.167.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe 7036 | [Owner : Jean-Marie |Parent : 6556] - (.PortableApps.com - PortableApps.com Updater.) - (14.1.0.0) = S:\LFS Ultra & 100% Sécurisé\hidefolder\hide_pro\LFS Ultra & 100% Sécurisé\LFS Ultra\lfs ultimate\PortableApps\PortableApps.com\PortableAppsUpdater.exe 7284 | [Owner : Jean-Marie |Parent : 6840] - (.Raptr, Inc - Raptr Desktop App.) - (5.2.5.0) = C:\PROGRA~2\RAPTRI~1\Raptr\raptr.exe 7476 | [Owner : Jean-Marie |Parent : 7284] - (.Raptr, Inc - Raptr Desktop App.) - (5.2.5.0) = C:\PROGRA~2\RAPTRI~1\Raptr\raptr_im.exe 8020 | [Owner : Jean-Marie |Parent : 7284] - (.Raptr Inc. - Elevation Proxy.) - (1.0.0.1) = C:\PROGRA~2\RAPTRI~1\Raptr\raptr_ep64.exe 8140 | [Owner : Jean-Marie |Parent : 7068] - (.Plays.tv, LLC - Plays.tv Video Recorder by Raptr.) - (1.13.1.0) = C:\PROGRA~2\RAPTRI~1\PlaysTV\playstv.exe 4264 | [Owner : Jean-Marie |Parent : 8140] - (.Raptr Inc. - Elevation Proxy.) - (1.0.0.1) = C:\PROGRA~2\RAPTRI~1\PlaysTV\plays_ep64.exe 4084 | [Owner : Jean-Marie |Parent : 728] - (.Microsoft Corporation - InstallAgent.) - (10.0.14393.0) = C:\Windows\System32\InstallAgent.exe 4212 | [Owner : Jean-Marie |Parent : 728] - (.Microsoft Corporation - InstallAgentUserBroker.) - (10.0.14393.0) = C:\Windows\System32\InstallAgentUserBroker.exe 3352 | [Owner : Jean-Marie |Parent : 5636] - (.Mozilla Corporation - Firefox.) - (48.0.0.6051) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe 6444 | [Owner : Jean-Marie |Parent : 3352] - (.Mozilla Corporation - Plugin Container for Firefox.) - (48.0.0.6051) = C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe 8888 | [Owner : Système |Parent : 5008] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.14393.0) = C:\Windows\System32\SearchProtocolHost.exe 8904 | [Owner : Système |Parent : 5008] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) 
- (7.0.14393.0) = C:\Windows\System32\SearchFilterHost.exe 7044 | [Owner : Jean-Marie |Parent : 728] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.0) = C:\Windows\explorer.exe ¤¤¤¤¤¤¤¤¤¤ # Winlogon user ¤¤¤¤¤¤¤¤¤¤ # Winlogon machine Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : userinit.exe, -> C:\WINDOWS\SYSWOW64\userinit.exe, ¤¤¤¤¤¤¤¤¤¤ # SafeBoot Safeboot Keys are O.K Alternate shell is OK ! ¤¤¤¤¤¤¤¤¤¤ # IFEO ¤¤¤¤¤¤¤¤¤¤ # Mountpoints2 ¤¤¤¤¤¤¤¤¤¤ # Windows [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon ¤¤¤¤¤¤¤¤¤¤ # Security center Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]~[EnableFirewall] : 0 -> 1 Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]~[EnableFirewall] : 0 -> 1 Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]~[EnableFirewall] : 0 -> 1 ¤¤¤¤¤¤¤¤¤¤ # Services Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2 Repaired : 
[HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 4 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2 ¤¤¤¤¤¤¤¤¤¤ # Internet Explorer ¤¤¤¤¤¤¤¤¤¤ # reparsepoint ¤¤¤¤¤¤¤¤¤¤ # Offsets Possible Infected : C:\Program Files (x86)\7-Zip\7zFM.exe : 525EF93C1C5FF83CD156A53C475EF83C6478F33CD75EF83C6478F23C545EF83C5B266D3C535EF83C9558FE3C535EF83C52696368525EF83C0000000000000000 ¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$I1RLPFZ.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$I5JRTCP.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$I7GDVT3.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$I9LVV78.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$IC3LVI4.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$ICJLAV8.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$ICYRP15.exe Moved to quarantine successfully : 
C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$IEGUWR8.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$IERB1M1.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$IGEBJ83.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$IIRQJF6.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$IJP7YUR.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$ITB7WRH.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$IW6P6BT.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$IXF2RWU.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$IZVA9IX.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$R1RLPFZ.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$R5JRTCP.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$R7GDVT3.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$R9LVV78.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$RC3LVI4.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$RCJLAV8.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$RCYRP15.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$REGUWR8.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$RERB1M1.exe Moved to quarantine successfully : 
C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$RGEBJ83.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$RIRQJF6.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$RJP7YUR.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$RTB7WRH.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$RW6P6BT.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$RXF2RWU.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-333624727-3628993747-300940260-1001\$RZVA9IX.exe Moved to quarantine successfully : S:\Adaware_Installer-11.2.5952.exe Moved to quarantine successfully : S:\Adaware_Installer.exe Moved to quarantine successfully : S:\browsercall.exe Moved to quarantine successfully : S:\DAEMONToolsNet510-0189.exe Moved to quarantine successfully : S:\FI_PRO_14.0.34.73_FRA (1).exe Moved to quarantine successfully : S:\FI_PRO_14.0.34.73_FRA.exe Moved to quarantine successfully : S:\free-youtube-downloader_setup_full1378.exe Moved to quarantine successfully : S:\gfiwebmonitor_net_x64.exe Moved to quarantine successfully : S:\installboost.exe Moved to quarantine successfully : S:\jing.exe Moved to quarantine successfully : S:\Kickstarter.exe Moved to quarantine successfully : S:\LiberKey_5.8.1129.exe Moved to quarantine successfully : S:\LikeNEWPCSetup.exe Moved to quarantine successfully : S:\marmiton-install.exe Moved to quarantine successfully : S:\MediaEspresso_7.5.7521.60439_Espresso_MEX160322-01_Trial_MEX160322-01.exe Moved to quarantine successfully : S:\Paragon-283-PEF_WinInstallSNx64_10.1.25.813_000.exe Moved to quarantine successfully : S:\Paragon-283-PEF_WinInstallSN_10.1.25.813_000.exe Moved to quarantine successfully : S:\processclose_1.0.0.3.exe Moved to quarantine successfully : S:\ProductKeyFinder64.exe 
Moved to quarantine successfully : S:\quickdiag_2_02.08.2016.1.exe Moved to quarantine successfully : S:\quickdiag_2_28.07.2016.1.exe Moved to quarantine successfully : S:\RogueKillerAdmin.exe Moved to quarantine successfully : S:\RogueKillerX64.exe Moved to quarantine successfully : S:\rpg-setup.exe Moved to quarantine successfully : S:\rufus-2.10.exe Moved to quarantine successfully : S:\SecureBrowser.exe Moved to quarantine successfully : S:\setup(1).exe Moved to quarantine successfully : S:\setup.exe Moved to quarantine successfully : S:\siinst.exe Moved to quarantine successfully : S:\SoundCloudDownload.exe Moved to quarantine successfully : S:\Start Commandline Scanner.exe Moved to quarantine successfully : S:\Start Emergency Kit Scanner.exe Moved to quarantine successfully : S:\supercopier_4-0-1-13_fr_11010_64.exe Moved to quarantine successfully : S:\teracopy_2-3_fr_42144.exe Moved to quarantine successfully : S:\tvc_setup_2.0.0.145_ML.exe Moved to quarantine successfully : S:\watermark-software.exe Moved to quarantine successfully : S:\WEBMONNET_gfiwebmonitor_net_x64.exe Moved to quarantine successfully : S:\Win32DiskImager-0.9.5-install.exe Moved to quarantine successfully : S:\wmosetup.exe Moved to quarantine successfully : S:\WVDSetup.exe Moved to quarantine successfully : J:\Kickstarter.exe Moved to quarantine successfully : S:\GdiPlus.dll Moved to quarantine successfully : S:\Backup data - Raccourci (2).lnk Moved to quarantine successfully : S:\Backup data - Raccourci.lnk Moved to quarantine successfully : S:\FM-{5E50180A-5AB8-43A7-B620-187D94D9A79C}.ico - Raccourci (2).lnk Moved to quarantine successfully : S:\FM-{5E50180A-5AB8-43A7-B620-187D94D9A79C}.ico - Raccourci (3).lnk Moved to quarantine successfully : S:\FM-{5E50180A-5AB8-43A7-B620-187D94D9A79C}.ico - Raccourci (4).lnk Moved to quarantine successfully : S:\FM-{5E50180A-5AB8-43A7-B620-187D94D9A79C}.ico - Raccourci (5).lnk Moved to quarantine successfully : 
S:\FM-{5E50180A-5AB8-43A7-B620-187D94D9A79C}.ico - Raccourci.lnk Moved to quarantine successfully : S:\gfimes_20160805091243.log - Raccourci.lnk Moved to quarantine successfully : S:\nous f la c de la l de dem - Raccourci (2).lnk Moved to quarantine successfully : S:\nous f la c de la l de dem - Raccourci (3).lnk Moved to quarantine successfully : S:\nous f la c de la l de dem - Raccourci (4).lnk Moved to quarantine successfully : S:\nous f la c de la l de dem - Raccourci (5).lnk Moved to quarantine successfully : S:\nous f la c de la l de dem - Raccourci (6).lnk Moved to quarantine successfully : S:\nous f la c de la l de dem - Raccourci (7).lnk Moved to quarantine successfully : S:\nous f la c de la l de dem - Raccourci.lnk Moved to quarantine successfully : S:\RKreport_DEL_08072016_212139.log - Raccourci (2).lnk Moved to quarantine successfully : S:\RKreport_DEL_08072016_212139.log - Raccourci (3).lnk Moved to quarantine successfully : S:\RKreport_DEL_08072016_212139.log - Raccourci.lnk Moved to quarantine successfully : S:\roguekiller technicien en logo syrtos - Raccourci (2).lnk Moved to quarantine successfully : S:\roguekiller technicien en logo syrtos - Raccourci.lnk Moved to quarantine successfully : S:\Téléchargements - Raccourci (2).lnk Moved to quarantine successfully : S:\Téléchargements - Raccourci (3).lnk Moved to quarantine successfully : S:\Téléchargements - Raccourci (4).lnk Moved to quarantine successfully : S:\Téléchargements - Raccourci (5).lnk Moved to quarantine successfully : S:\Téléchargements - Raccourci (6).lnk Moved to quarantine successfully : S:\Téléchargements - Raccourci (7).lnk Moved to quarantine successfully : S:\Téléchargements - Raccourci (8).lnk Moved to quarantine successfully : S:\Téléchargements - Raccourci (9).lnk Moved to quarantine successfully : S:\Téléchargements - Raccourci.lnk Moved to quarantine successfully : S:\autorun.ico Moved to quarantine successfully : S:\SecureBrowser.ico ¤¤¤¤¤¤¤¤¤¤ # ADS Prefetch -> cleaned 
H:\ : Vaccinated (Vaccin created by Pre_Scan) J:\ : Vaccinated (Vaccin created by Pre_Scan) K:\ : Vaccinated (Vaccin created by Pre_Scan) L:\ : Vaccinated (Vaccin created by Pre_Scan) M:\ : Vaccinated (Vaccin created by Usbfix) X:\ : Vaccinated (Vaccin created by Usbfix) ¤¤¤¤¤¤¤¤¤¤ | Hidden files ~ [Drive D:] : Hidden : 2 | Restored : 2 ~ [Drive L:] : Hidden : 1 | Restored : 1 ~ [Drive S:] : Hidden : 20 | Restored : 19 ~ [Drive C:] : Hidden : 4 | Restored : 2 ~ [Program Files] : Hidden : 2 | Restored : 2 ~ [Users] : Hidden : 2 | Restored : 2 ~ [Pictures] : Hidden : 1 | Restored : 1 ~ [Documents] : Hidden : 3 | Restored : 3 ~ [Windows] : Hidden : 51 | Restored : 48 ~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1 ~ [AppData] : Hidden : 137 | Restored : 137 ¤¤¤¤¤¤¤¤¤¤ # Drives Disk: 0 Size=954G Pos MBRndx Type/Name Size Active Hide Start Sector Sectors --- ------ ---------- ---- ------ ---- ------------ ------------ 0 0 EE-UNKNWN 21.0T No No 1 294,967,295 ¤¤¤¤¤¤¤¤¤¤ Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1 Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : -> 1 End : 21:56:56 ¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤