¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 7_31.01.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 14:41:22 02/25/2017

Updated 31/01/2017 | 09.05 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[jean- (Administrator)] - [DESKTOP-B0SD4CH]
SID = S-1-5-21-3570498820-3362542479-2466686060-1001
Boot : Normal boot
System : Windows 10 Pro (64 bits) Professional
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius
Memory RAM = Total (MB) : 3748 | Free (MB) : 2007
Pagefile = Total (MB) : 3748 | Free (MB) : 2134
Virtual = Total (MB) : 4194 | Free (MB) : 3994

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

¤¤¤¤¤¤¤¤¤¤¤ # Drives
V:\ -> [Removable] | [FOLD-IT SAR] | Total : 14.91 GB | Free : 4.62 GB -> FAT32 [USB]
U:\ -> [Removable] | [PARTED MAGI] | Total : 15 GB | Free : 0.32 GB -> FAT32 [USB]
T:\ -> [Removable] | [WINTOBOOTIC] | Total : 57.91 GB | Free : 45.01 GB -> NTFS [USB]
S:\ -> [Removable] | [YUMI SARDU] | Total : 14.31 GB | Free : 8.54 GB -> FAT32 [USB]
Q:\ -> [Removable] | [montre espi] | Total : 7.32 GB | Free : 4.56 GB -> FAT32 [USB]
P:\ -> [Removable] | [séjour pari] | Total : 117.02 GB | Free : 17.95 GB -> exFAT [USB]
O:\ -> [Removable] | [wintobootic] | Total : 119.5 GB | Free : 106.64 GB -> NTFS [USB]
N:\ -> [Fixed] | [zalman ZM- VE350] | Total : 931.06 GB | Free : 405.8 GB -> NTFS [USB]
L:\ -> [Fixed] | [PARTED MAGI] | Total : 57.89 GB | Free : 24.85 GB -> FAT32 [USB]
K:\ -> [Removable] | [EMTECH YUMI] | Total : 57.68 GB | Free : 0.35 GB -> FAT32 [USB]
J:\ -> [Removable] | [sandisk con] | Total : 119.06 GB | Free : 15.56 GB -> exFAT [USB]
I:\ -> [Fixed] | [events 11-16 fev 2017] | Total : 465.76 GB | Free : 108.91 GB -> NTFS [USB]
G:\ -> [Removable] | [] | Total : 183.3 GB | Free : 68.06 GB -> exFAT [USB]
F:\ -> [Removable] | [VAULT PRIVA] | Total : 3.48 GB | Free : 0.06 GB -> FAT32 [USB]
E:\ -> [CDROM] | [DTVP30] | Total : 0.02 GB | Free : 0 GB -> CDFS [USB]
C:\ -> [Fixed] | [WinToUSB] | Total : 115.59 GB | Free : 97.19 GB -> NTFS [USB]

¤¤¤¤¤¤¤¤¤¤ # Windows updates
Microsoft : +

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\jean-

Registry saved. To restore it: use the desktop shortcut 'Pre_Scan_Restore' -> Restore the registry (C:\Pre_Scan\Save\Registry [25.02.2017 @ 14_35_03])
To restore a file or folder: use the desktop shortcut 'Pre_Scan_Restore', select 'restore File - Folder', select an item and click Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.10240.16412 (© Microsoft Corporation. All rights reserved.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 18.0.0.228

¤¤¤¤¤¤¤¤¤¤ # Security
AV : Windows Defender Enabled
AS : Windows Defender Enabled
FW : adaware firewall Disabled
WMI : OK
WU : Windows Update Service [Manual(3)] = Running
AS : Windows Defender [Auto(2)] = Running
FW : Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
4020 | [Owner : System |Parent : 696] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.10240.16392) = C:\Windows\System32\SearchIndexer.exe
5892 | [Owner : jean- |Parent : 1396] - (.SosVirus - Process Killer.) - (8.1.17.1) = G:\stop photodirector 9 process by sosvirus\processclose_2_08.01.17.1.exe
5784 | [Owner : System |Parent : 696] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.8.10240.16384) = C:\Program Files\Windows Defender\MsMpEng.exe
3216 | [Owner : LOCAL SERVICE |Parent : 696] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.8.10240.16384) = C:\Program Files\Windows Defender\NisSrv.exe
2868 | [Owner : LOCAL SERVICE |Parent : 412] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (10.0.10240.16384) = C:\Windows\System32\WUDFHost.exe
3340 | [Owner : System |Parent : 696] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.10240.16384) = C:\Windows\System32\spoolsv.exe
4976 | [Owner : jean- |Parent : 696] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.10240.16384) = C:\Windows\System32\svchost.exe
2084 | [Owner : NETWORK SERVICE |Parent : 4156] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.8.10240.16384) = C:\Program Files\Windows Defender\MpCmdRun.exe
1276 | [Owner : jean- |Parent : 788] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.10240.16384) = C:\Windows\System32\SettingSyncHost.exe
5976 | [Owner : jean- |Parent : 788] - (.Microsoft Corporation - Windows Explorer.) - (10.0.10240.16601) = C:\Windows\explorer.exe
3220 | [Owner : jean- |Parent : 788] - (.Microsoft Corporation - Windows host process (Rundll32).) - (10.0.10240.16384) = C:\Windows\System32\rundll32.exe
4844 | [Owner : jean- |Parent : 788] - (.Microsoft Corporation - Windows host process (Rundll32).) - (10.0.10240.16384) = C:\Windows\System32\rundll32.exe
4908 | [Owner : jean- |Parent : 788] - (.Microsoft Corporation - Windows host process (Rundll32).) - (10.0.10240.16384) = C:\Windows\System32\rundll32.exe
3112 | [Owner : System |Parent : 648] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.10240.16485) = C:\Windows\System32\fontdrvhost.exe
4224 | [Owner : jean- |Parent : 3524] - (.TweakBit - Anti-Malware.) - (2.0.0.0) = C:\Program Files (x86)\TweakBit\Anti-Malware\AntiMalware.exe
4384 | [Owner : jean- |Parent : 3076] - (. - DTVaultPrivacy MFC Application.) - (3.0.0.6) = C:\Users\jean-\AppData\Local\Temp\DTVaultPrivacy30-0512-E\DTVP30_Launcher.exe
5408 | [Owner : jean- |Parent : 4484] - (.ClevX, LLC - Removable Media Antivirus.) - (3.17.0.10) = F:\DriveD.exe
4884 | [Owner : jean- |Parent : 4472] - (. - .) - (0.0.0.0) = C:\Users\jean-\Desktop\Power2Go_11.0.1013.0_Essential_Essential_P2G160727-05.exe
3252 | [Owner : System |Parent : 696] - (.Chip Digital GmbH - chip 1-click installer.) - (3.6.9.0) = C:\Program Files (x86)\Chip Digital GmbH\chip1click\chip 1-click installer.exe
2120 | [Owner : jean- |Parent : 5976] - (.Easersoft Inc. - ExtremeCopy Main Module 64bits.) - (2.3.4.0) = C:\Program Files\Easersoft\ExtremeCopy\ExtremeCopy.exe
5516 | [Owner : jean- |Parent : 2496] - (. - .) - (1.1.0.0) = C:\Program Files\UCheck\UCheck64.exe
4716 | [Owner : jean- |Parent : 1008] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.10240.16384) = C:\Windows\System32\taskhostw.exe
3628 | [Owner : System |Parent : 696] - (.IObit - Advanced SystemCare Service.) - (10.0.2.82) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
5092 | [Owner : jean- |Parent : 6064] - (.Microsoft Corporation - Internet Explorer.) - (11.0.10240.16412) = C:\Program Files\Internet Explorer\iexplore.exe
3868 | [Owner : jean- |Parent : 5092] - (.Microsoft Corporation - Internet Explorer.) - (11.0.10240.16412) = C:\Program Files (x86)\Internet Explorer\iexplore.exe
5724 | [Owner : jean- |Parent : 6064] - (.IObit - Advanced SystemCare 10.) - (10.2.0.721) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
1252 | [Owner : jean- |Parent : 6064] - (.IObit - Performance Monitor.) - (10.1.4.1357) = C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
5224 | [Owner : jean- |Parent : 5724] - (.IObit - Advanced SystemCare 10.) - (10.0.1.3117) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
2232 | [Owner : jean- |Parent : 4200] - (.IObit - UninstallMontior.) - (6.0.0.190) = C:\Program Files (x86)\IObit\Advanced SystemCare\PubMonitor.exe
4964 | [Owner : LOCAL SERVICE |Parent : 412] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.10240.16384) = C:\Windows\System32\dasHost.exe
1552 | [Owner : jean- |Parent : 788] - (.Wondershare - Wondershare Studio.) - (2.5.2.3) = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
1104 | [Owner : jean- |Parent : 6064] - (. - .) - (1.1.0.0) = C:\Program Files\UCheck\UCheck64.exe
852 | [Owner : jean- |Parent : 6064] - (. - .) - (1.1.0.0) = C:\Program Files\UCheck\UCheck64.exe
3828 | [Owner : jean- |Parent : 4452] - (.Microsoft Corporation - Task Manager.) - (10.0.10240.16384) = C:\Windows\System32\Taskmgr.exe
1756 | [Owner : jean- |Parent : 424] - (.CyberLink Corp. - .) - (1.0.0.0) = C:\Users\jean-\AppData\Local\Temp\RarSFX0\WVEditor\Setup.exe
3956 | [Owner : jean- |Parent : 1756] - (.Igor Pavlov - 7-Zip Console.) - (16.2.0.0) = C:\Users\jean-\AppData\Local\Temp\RarSFX0\WVEditor\7z.exe
2596 | [Owner : jean- |Parent : 3956] - (.Microsoft Corporation - Console Window Host.) - (10.0.10240.16384) = C:\Windows\System32\conhost.exe
3184 | [Owner : jean- |Parent : 788] - (.Microsoft Corporation - Windows host process (Rundll32).) - (10.0.10240.16384) = C:\Windows\System32\rundll32.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : C:\Windows\system32\userinit.exe -> C:\Windows\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot keys are O.K
Alternate shell is OK!

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2
Content of U:\AUTORUN.INF :
Content of K:\AUTORUN.INF :
Content of I:\autorun.inf :
[AutoRun]
open=DTVP30_Launcher.exe
icon=DTVP30_Launcher.exe,0

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center
Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\Windows\System32\ActionCenter.dll
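The "Stopped processes" section of a Pre_Scan report is the part a responder reads first, and the cues worth flagging are visible in the report text itself: an empty publisher field "(. - ...)", a "0.0.0.0" version resource, and an image path under the user's Temp or Desktop folder or on a non-system drive. The Python below is an added example and is not part of the Pre_Scan tool or of this report. It parses entries in the Pre_Scan process-line format and scores each one against those heuristics. The sample lines are constructed from entries in this report (with the French file descriptions translated); the regex, the field names and the reason strings are this example's own assumptions about the format, not something Pre_Scan defines.

```python
import re
from dataclasses import dataclass, field

# One Pre_Scan "Stopped processes" entry (format assumed from the report above):
#   <pid> | [Owner : <owner> |Parent : <ppid>] - (.<publisher> - <description>.) - (<version>) = <path>
PROCESS_RE = re.compile(
    r"^(?P<pid>\d+) \| \[Owner : (?P<owner>.*?) \|Parent : (?P<ppid>\d+)\] - "
    r"\(\.(?P<publisher>.*?) - (?P<description>.*?)\.\) - "
    r"\((?P<version>[\d.]+)\) = (?P<path>.+)$"
)

# Constructed sample: six entries taken from this report, descriptions translated.
SAMPLE_LOG = r"""
5784 | [Owner : System |Parent : 696] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.8.10240.16384) = C:\Program Files\Windows Defender\MsMpEng.exe
4384 | [Owner : jean- |Parent : 3076] - (. - DTVaultPrivacy MFC Application.) - (3.0.0.6) = C:\Users\jean-\AppData\Local\Temp\DTVaultPrivacy30-0512-E\DTVP30_Launcher.exe
5408 | [Owner : jean- |Parent : 4484] - (.ClevX, LLC - Removable Media Antivirus.) - (3.17.0.10) = F:\DriveD.exe
4884 | [Owner : jean- |Parent : 4472] - (. - .) - (0.0.0.0) = C:\Users\jean-\Desktop\Power2Go_11.0.1013.0_Essential_Essential_P2G160727-05.exe
5516 | [Owner : jean- |Parent : 2496] - (. - .) - (1.1.0.0) = C:\Program Files\UCheck\UCheck64.exe
1756 | [Owner : jean- |Parent : 424] - (.CyberLink Corp. - .) - (1.0.0.0) = C:\Users\jean-\AppData\Local\Temp\RarSFX0\WVEditor\Setup.exe
"""

# Path fragments that an ordinary user can write to (lower-cased for comparison).
USER_WRITABLE = ("\\appdata\\local\\temp\\", "\\desktop\\", "\\downloads\\")
SYSTEM_DRIVE = "c:\\"


@dataclass
class ProcessEntry:
    pid: int
    owner: str
    ppid: int
    publisher: str
    description: str
    version: str
    path: str
    reasons: list = field(default_factory=list)


def parse_process_line(line):
    """Parse one process line; return None for lines that are not process entries."""
    m = PROCESS_RE.match(line.strip())
    if not m:
        return None
    return ProcessEntry(
        pid=int(m["pid"]), owner=m["owner"], ppid=int(m["ppid"]),
        publisher=m["publisher"].strip(), description=m["description"].strip(),
        version=m["version"], path=m["path"].strip(),
    )


def triage(entry):
    """Attach human-readable reasons for why this entry deserves a closer look."""
    p = entry.path.lower()
    if not entry.publisher:
        entry.reasons.append("no publisher in version resource")
    if entry.version == "0.0.0.0":
        entry.reasons.append("no version information")
    if any(frag in p for frag in USER_WRITABLE):
        entry.reasons.append("runs from a user-writable location")
    if not p.startswith(SYSTEM_DRIVE):
        entry.reasons.append("runs from a non-system drive")
    return entry


def triage_log(text):
    """Parse every process line in a Pre_Scan report excerpt and triage each one."""
    entries = (parse_process_line(line) for line in text.splitlines())
    return [triage(e) for e in entries if e is not None]


def flagged_processes(text):
    """Only the entries with at least one reason, most suspicious first (stable order)."""
    flagged = [e for e in triage_log(text) if e.reasons]
    return sorted(flagged, key=lambda e: -len(e.reasons))


if __name__ == "__main__":
    for e in flagged_processes(SAMPLE_LOG):
        print(f"{e.pid:>5} {e.path}")
        for r in e.reasons:
            print(f"      - {r}")
```

These are triage cues, not verdicts: DriveD.exe on F:\ is flagged only because it runs from a removable drive, which is exactly where a removable-media antivirus is expected to live. Confirm each hit by checking the Authenticode signature of the file on disk (Get-AuthenticodeSignature in PowerShell) before treating it as hostile.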