¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_20.07.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 09:29:15

Updated 20/07/2016 | 00.20 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[Jean-Marie (Administrator)] - [LFS_ULTRA]
SID = S-1-5-21-3042704910-407304991-3750219112-1001
Boot: Normal boot
System : Windows 10 Pro (64 bits) Professional
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius
Memory RAM = Total (MB) : 3748 | Free (MB) : 2219
Pagefile = Total (MB) : 4157 | Free (MB) : 2517
Virtual = Total (MB) : 4194 | Free (MB) : 3957

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

C:\WINDOWS\Setup\Scripts\setupcomplete.cmd

¤¤¤¤¤¤¤¤¤¤¤ # Drives

Y:\-> [Removable] | [USB DISK] | Total : 15 Go | Free : 12.07 Go -> FAT32 [USB]
X:\-> [Removable] | [UUI] | Total : 7.26 Go | Free : 0.29 Go -> FAT32 [USB]
W:\-> [Removable] | [AUTORAD] | Total : 14.83 Go | Free : 14.57 Go -> FAT32 [USB]
V:\-> [Fixed] | [My Passport] | Total : 2794.49 Go | Free : 559.93 Go -> NTFS [USB]
U:\-> [Removable] | [NO NAME] | Total : 59.48 Go | Free : 17.33 Go -> FAT32 [USB]
P:\-> [Removable] | [stylo espio] | Total : 3.69 Go | Free : 0.95 Go -> FAT32 [USB]
O:\-> [Removable] | [MONTRE ESPI] | Total : 7.42 Go | Free : 0.87 Go -> FAT32 [USB]
N:\-> [Removable] | [] | Total : 30.02 Go | Free : 2.07 Go -> FAT32 [USB]
M:\-> [CDROM] | [Paragon] | Total : 0.12 Go | Free : 0 Go -> CDFS [USB]
L:\-> [Removable] | [FramaLive] | Total : 14.41 Go | Free : 8.51 Go -> FAT32 [USB]
K:\-> [Removable] | [HITMANPRO] | Total : 1.86 Go | Free : 1.7 Go -> FAT32 [USB]
I:\-> [Removable] | [FRAMAKEY SA] | Total : 28.78 Go | Free : 23.22 Go -> FAT32 [USB]
H:\-> [Removable] | [FRAMAKEY UB] | Total : 57.64 Go | Free : 51.44 Go -> FAT32 [USB]
G:\-> [Removable] | [] | Total : 3.67 Go | Free : 0.33 Go -> FAT32 [USB]
D:\-> [Fixed] | [Recovery Image] | Total : 13.06 Go | Free : 1.6 Go -> NTFS [SATA]
C:\-> [Fixed] | [OS] | Total : 916.54 Go | Free : 863.84 Go -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates

No detected update !!!
Microsoft : +

¤¤¤¤¤¤¤¤¤¤ # Sessions

C:\WINDOWS\system32\config\systemprofile
C:\WINDOWS\ServiceProfiles\LocalService
C:\WINDOWS\ServiceProfiles\NetworkService
C:\Users\Jean-Marie

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore'
Restore the register (C:\Pre_Scan\Save\Registry [20.08.2016 @ 09_25_04])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers

IE : 11.0.14393.0 (© Microsoft Corporation.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

ActiveX : 22.0.0.209

¤¤¤¤¤¤¤¤¤¤ # Security

AV : Ad-Aware Antivirus Disabled
AS : Windows Defender Enabled
FW : Ad-Aware Firewall Disabled
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes

1192 | [Owner : |Parent : 676] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe
1236 | [Owner : |Parent : 1192] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe
1584 | [Owner : |Parent : 676] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.48) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
1680 | [Owner : |Parent : 1584] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.159) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1896 | [Owner : |Parent : 676] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.14393.0) = C:\Windows\System32\spoolsv.exe
2308 | [Owner : Système |Parent : 676] - (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2352 | [Owner : Système |Parent : 676] - (. - .) - (0.0.0.0) = C:\Program Files\Essentware\Common\AccountService.exe
2420 | [Owner : Système |Parent : 676] - (.IObit - Product Updater.) - (2.1.6.2660) = C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
2532 | [Owner : Système |Parent : 676] - (. - .) - (0.0.0.0) = C:\Program Files\Essentware\PCKeeper\OneClickFixService.exe
2648 | [Owner : Système |Parent : 676] - (. - .) - (0.0.0.0) = C:\Program Files\Essentware\PCKAV\PCKAVService.exe
2052 | [Owner : Système |Parent : 676] - (. - .) - (0.0.0.0) = C:\Program Files\Essentware\PCKeeper\PCKeeperService.exe
3232 | [Owner : SERVICE LOCAL |Parent : 808] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.14393.0) = C:\Windows\System32\WUDFHost.exe
3468 | [Owner : SERVICE LOCAL |Parent : 808] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.14393.0) = C:\Windows\System32\dasHost.exe
2920 | [Owner : Jean-Marie |Parent : 448] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe
3844 | [Owner : Jean-Marie |Parent : 676] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe
3828 | [Owner : Jean-Marie |Parent : 448] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe
3500 | [Owner : Jean-Marie |Parent : 448] - (.IObit - Smart Defrag 5.) - (5.2.0.854) = C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
3980 | [Owner : Jean-Marie |Parent : 824] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe
1004 | [Owner : Jean-Marie |Parent : 3552] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.0) = C:\Windows\explorer.exe
4364 | [Owner : Jean-Marie |Parent : 824] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.0) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
4580 | [Owner : Jean-Marie |Parent : 824] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.51) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1648 | [Owner : LogonSessionId_0_328236 |Parent : 676] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.14393.0) = C:\Windows\System32\SearchIndexer.exe
3776 | [Owner : Jean-Marie |Parent : 5064] - (.IObit - UninstallerMonitor.) - (6.0.1.312) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
5536 | [Owner : Jean-Marie |Parent : 824] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.14393.0) = C:\Windows\System32\SettingSyncHost.exe
5644 | [Owner : Jean-Marie |Parent : 824] - (.Microsoft Corporation - SmartScreen.) - (10.0.14393.0) = C:\Windows\System32\smartscreen.exe
5676 | [Owner : Système |Parent : 1648] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.14393.0) = C:\Windows\System32\SearchProtocolHost.exe
5752 | [Owner : Jean-Marie |Parent : 1004] - (. - .) - (11.12.945.9202) = C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.12.945.9202\AdAwareTray.exe
5840 | [Owner : Jean-Marie |Parent : 1004] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6517.809) = C:\Users\Jean-Marie\AppData\Local\Microsoft\OneDrive\OneDrive.exe
5896 | [Owner : Système |Parent : 716] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.14393.0) = C:\Windows\System32\fontdrvhost.exe
5960 | [Owner : Jean-Marie |Parent : 1004] - (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) - (10.0.1909.0) = C:\Program Files (x86)\CyberLink\Power2Go10\Power2GoExpress10.exe
6680 | [Owner : Jean-Marie |Parent : 3476] - (.Wondershare - Wondershare Studio.) - (2.5.0.0) = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
6728 | [Owner : Jean-Marie |Parent : 3476] - (.Microsoft Corp. - Bing Desktop Application.) - (1.4.167.0) = C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
6776 | [Owner : Jean-Marie |Parent : 3476] - (.CyberLink Corporation. - InstantBurn UDF Tool.) - (5.0.0.10524) = C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
6784 | [Owner : Jean-Marie |Parent : 6180] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
6852 | [Owner : Jean-Marie |Parent : 3476] - (.CyberLink - CyberLink MediaLibray Service.) - (10.0.0.1725) = C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe
7028 | [Owner : Système |Parent : 448] - (. - SpywareBlaster AutoUpdate.) - (5.5.0.0) = C:\Program Files (x86)\SpywareBlaster\sbautoupdate.exe
7036 | [Owner : Jean-Marie |Parent : 3476] - (.Avanquest Software - AutoSave Essentials.) - (1.0.0.0) = C:\Program Files (x86)\Avanquest\AutoSaveEssentials\AutoSave Essentials.exe
7056 | [Owner : Jean-Marie |Parent : 824] - (.CyberLink - CyberLink RichVideo Module.) - (2.0.0.9525) = C:\PROGRA~2\CYBERL~1\SHARED~1\RICHVI~1.EXE
3556 | [Owner : Jean-Marie |Parent : 6784] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Host application.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
6012 | [Owner : Jean-Marie |Parent : 448] - (.CyberLink Corp. - MediaEspresso DeviceDetector.) - (7.5.7515.60361) = C:\Program Files (x86)\CyberLink\MediaEspresso7.5\DeviceDetector\DeviceDetector7.5.exe
1256 | [Owner : Jean-Marie |Parent : 612] - (. - .) - (12.4.4.0) = I:\Data\Documents\roguekiller avec ancien logo franprix\RogueKillerX64.exe
7404 | [Owner : Système |Parent : 676] - (.CyberLink - CyberLink RichVideo Module.) - (2.0.0.9525) = C:\Program Files\CyberLink\Shared files\RichVideo64.exe
7488 | [Owner : Jean-Marie |Parent : 824] - (.Microsoft Corporation - Background Task Host.) - (10.0.14393.0) = C:\Windows\System32\backgroundTaskHost.exe
7656 | [Owner : Jean-Marie |Parent : 824] - (.Microsoft Corporation - Background Task Host.) - (10.0.14393.0) = C:\Windows\System32\backgroundTaskHost.exe
8028 | [Owner : |Parent : 676] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (10.0.14393.0) = C:\Windows\System32\sppsvc.exe
7072 | [Owner : Jean-Marie |Parent : 824] - (.Microsoft Corporation - Background Task Host.) - (10.0.14393.0) = C:\Windows\System32\backgroundTaskHost.exe
6492 | [Owner : LogonSessionId_0_1803397 |Parent : 676] - (.Nero AG - NeroUpdate.) - (17.0.0.3) = C:\Program Files (x86)\Nero\Update\NASvc.exe
7208 | [Owner : LogonSessionId_0_1830329 |Parent : 676] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.14393.0) = C:\Program Files\Windows Media Player\wmpnetwk.exe
8760 | [Owner : Jean-Marie |Parent : 824] - (.Microsoft Corporation - Application Frame Host.) - (10.0.14393.0) = C:\Windows\System32\ApplicationFrameHost.exe
1892 | [Owner : Jean-Marie |Parent : 1648] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.14393.0) = C:\Windows\System32\SearchProtocolHost.exe
9224 | [Owner : Jean-Marie |Parent : 448] - (.Microsoft Corporation - Standalone Updater.) - (17.3.6517.809) = C:\Users\Jean-Marie\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
9652 | [Owner : Jean-Marie |Parent : 9224] - (.Microsoft Corporation - Rapports de problèmes Windows.) - (10.0.14393.0) = C:\Windows\SysWOW64\WerFault.exe
9444 | [Owner : |Parent : 676] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.10.14393.0) = C:\Program Files\Windows Defender\MsMpEng.exe
7336 | [Owner : |Parent : 676] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.10.14393.0) = C:\Program Files\Windows Defender\NisSrv.exe
5864 | [Owner : Jean-Marie |Parent : 448] - (.Microsoft Corporation - Notification d'emplacement.) - (10.0.14393.0) = C:\Windows\System32\LocationNotificationWindows.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : -> C:\WINDOWS\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot

Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

¤¤¤¤¤¤¤¤¤¤ # Windows

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]~[EnableFirewall] : 0 -> 1
Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]~[EnableFirewall] : 0 -> 1

¤¤¤¤¤¤¤¤¤¤ # Services

Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry

Moved to quarantine successfully : Y:\Start Commandline Scanner.exe
Moved to quarantine successfully : Y:\Start Emergency Kit Scanner.exe
Moved to quarantine successfully : V:\Adaware_Installer.exe
Moved to quarantine successfully : V:\free-youtube-downloader_setup_full1378.exe
Moved to quarantine successfully : V:\gfiwebmonitor_net_x64.exe
Moved to quarantine successfully : V:\HijackThisPortable_2.0.5_English.paf.exe
Moved to quarantine successfully : V:\installboost.exe
Moved to quarantine successfully : V:\LikeNEWPCSetup.exe
Moved to quarantine successfully : V:\marmiton-install.exe
Moved to quarantine successfully : V:\Ninite AdAware Installer.exe
Moved to quarantine successfully : V:\partition_recovery.exe
Moved to quarantine successfully : V:\pctrans_trial.exe
Moved to quarantine successfully : V:\PDF_Architect_4_Installer.exe
Moved to quarantine successfully : V:\RogueKillerX64.exe
Moved to quarantine successfully : V:\RogueKillerX64_old.exe
Moved to quarantine successfully : V:\rufus-2.10.exe
Moved to quarantine successfully : V:\siinst.exe
Moved to quarantine successfully : V:\spywareblastersetup55.exe
Moved to quarantine successfully : V:\tvc_setup_2.0.0.145_ML.exe
Moved to quarantine successfully : V:\tvc_setup_2.0.1.171.exe
Moved to quarantine successfully : V:\watermark-software.exe
Moved to quarantine successfully : V:\WEBMONNET_gfiwebmonitor_net_x64.exe
Moved to quarantine successfully : V:\wmosetup.exe

¤¤¤¤¤¤¤¤¤¤ # ADS

Deleted : @C:\ProgramData\Temp:5C321E34

Prefetch -> cleaned

D:\ : Vaccinated (Vaccin created by Usbfix)
G:\ : Vaccinated (Vaccin created by Usbfix)
H:\ : Vaccinated (Vaccin created by Usbfix)
I:\ : Vaccinated (Vaccin created by Usbfix)
K:\ : Vaccinated (Vaccin created by Usbfix)
L:\ : Vaccinated (Vaccin created by Usbfix)
N:\ : Vaccinated (Vaccin created by Usbfix)
O:\ : Vaccinated (Vaccin created by Usbfix)
P:\ : Vaccinated (Vaccin created by Usbfix)
U:\ : Vaccinated (Vaccin created by Usbfix)
V:\ : Vaccinated (Vaccin created by Usbfix)
W:\ : Vaccinated (Vaccin created by Usbfix)
X:\ : Vaccinated (Vaccin created by Usbfix)
Y:\ : Vaccinated (Vaccin created by Usbfix)

¤¤¤¤¤¤¤¤¤¤ | Hidden files

~ [Drive D:] : Hidden : 9 | Restored : 9
~ [Drive K:] : Hidden : 1 | Restored : 1
~ [Drive V:] : Hidden : 13 | Restored : 12
~ [Drive C:] : Hidden : 4 | Restored : 3
~ [Program Files] : Hidden : 7 | Restored : 7
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 8 | Restored : 8
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 48 | Restored : 45
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 12 | Restored : 12

¤¤¤¤¤¤¤¤¤¤ # Drives

Disk: 0 Size=954G

Pos MBRndx Type/Name  Size Active Hide Start Sector Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
 0  0      EE-UNKNWN  954G No     No   1            953,525,167

¤¤¤¤¤¤¤¤¤¤

Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : -> 1

End : 14:09:02

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤