¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_13.07.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 12:50:17 08/24/2017
Updated 13/07/2017 | 18.30 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html
[jean- (Administrator)] - [DESKTOP-37KC94K]
SID = S-1-5-21-4265624635-2019933758-61733912-1001
Boot: Normal boot
System : Windows 10 Home (64 bits) Core
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius
Memory
RAM = Total (MB) : 3748 | Free (MB) : 1507
Pagefile = Total (MB) : 7549 | Free (MB) : 5293
Virtual = Total (MB) : 4194 | Free (MB) : 3885
¤¤¤¤¤¤¤¤¤¤ # Components of starting up
C:\WINDOWS\Setup\Scripts\setupcomplete.cmd
¤¤¤¤¤¤¤¤¤¤¤ # Drives
G:\-> [Fixed] | [wd MY passport 2TO] | Total : 2794.49 Go | Free : 97 Go -> NTFS [USB]
F:\-> [CDROM] | [Mes Sauvegardes (#1)] | Total : 0.99 Go | Free : 0 Go -> UDF [SATA]
C:\-> [Fixed] | [OS] | Total : 930.26 Go | Free : 753.41 Go -> NTFS [SATA]
¤¤¤¤¤¤¤¤¤¤ # Windows updates
Windows Is Activated
¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\WINDOWS\system32\config\systemprofile
C:\WINDOWS\ServiceProfiles\LocalService
C:\WINDOWS\ServiceProfiles\NetworkService
C:\Users\jean-
C:\Users\MSSQL$ADK
Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [24.08.2017 @ 12_09_23])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore
¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.14393.726 (© Microsoft Corporation.)
¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 26.0.0.151
Plugin : 26.0.0.151
¤¤¤¤¤¤¤¤¤¤ # Security
AV : Windows Defender Enabled
AS : Windows Defender Enabled
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running
¤¤¤¤¤¤¤¤¤¤ # Stopped processes
2964 | [Owner : jean- |Parent : 572] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe
3476 | [Owner : |Parent : 896] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.14393.726) = C:\Windows\System32\SearchIndexer.exe
6044 | [Owner : |Parent : 896] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.10.14393.726) = C:\Program Files\Windows Defender\MsMpEng.exe
5472 | [Owner : |Parent : 896] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.10.14393.0) = C:\Program Files\Windows Defender\NisSrv.exe
5876 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.726) = C:\Windows\explorer.exe
8064 | [Owner : jean- |Parent : 808] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.726) = C:\Windows\explorer.exe
10188 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.726) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
6596 | [Owner : SERVICE LOCAL |Parent : 1080] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.14393.82) = C:\Windows\System32\dasHost.exe
6320 | [Owner : jean- |Parent : 572] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe
2356 | [Owner : SERVICE LOCAL |Parent : 1080] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.14393.0) = C:\Windows\System32\WUDFHost.exe
7816 | [Owner : SERVICE LOCAL |Parent : 1080] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.14393.82) = C:\Windows\System32\dasHost.exe
5968 | [Owner : jean- |Parent : 896] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe
4292 | [Owner : Système |Parent : 896] - (.Malwarebytes Corporation - Malwarebytes Anti-Exploit Service.) - (1.10.1.24) = C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
2540 | [Owner : Système |Parent : 4292] - (.Malwarebytes Corporation - Malwarebytes Anti-Exploit 64bit tasks.) - (1.10.1.24) = C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
12000 | [Owner : Système |Parent : 2540] - (.Microsoft Corporation - Console Window Host.) - (10.0.14393.0) = C:\Windows\System32\conhost.exe
3312 | [Owner : jean- |Parent : 10692] - (.Malwarebytes - AdwCleaner.) - (7.0.2.0) = C:\Users\jean-\Downloads\adwcleaner_7.0.2.0.exe
1816 | [Owner : jean- |Parent : 5876] - (.Microsoft Corporation - Bloc-notes.) - (10.0.14393.0) = C:\Windows\System32\notepad.exe
6844 | [Owner : jean- |Parent : 3312] - (.Microsoft Corporation - Bloc-notes.) - (10.0.14393.0) = C:\Windows\System32\notepad.exe
9704 | [Owner : jean- |Parent : 5876] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe
7620 | [Owner : Système |Parent : 1080] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) - (10.0.15156.1008) = C:\Windows\System32\CompatTelRunner.exe
8376 | [Owner : Système |Parent : 7620] - (.Microsoft Corporation - Console Window Host.) - (10.0.14393.0) = C:\Windows\System32\conhost.exe
4824 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.447) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
7348 | [Owner : jean- |Parent : 5876] - (.Disc Soft Ltd. - DAEMON Tools Lite Installer.) - (1.4.24.0) = C:\Users\jean-\Desktop\Xubuntu live creators for samsung fit sfce\DTLiteInstaller.exe
11456 | [Owner : jean- |Parent : 7348] - (. - Installer.) - (1.0.0.0) = C:\Users\jean-\AppData\Local\Temp\AppInstaller.exe
6940 | [Owner : jean- |Parent : 5876] - (.Disc Soft Ltd - DAEMON Tools Pro Setup.) - (8.2.0.708) = C:\Users\jean-\Desktop\Xubuntu live creators for samsung fit sfce\DTPro820-0708.exe
11944 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Background Task Host.) - (10.0.14393.0) = C:\Windows\System32\backgroundTaskHost.exe
4744 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe
¤¤¤¤¤¤¤¤¤¤ # Winlogon user
¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : C:\WINDOWS\system32\userinit.exe, -> C:\WINDOWS\SYSWOW64\userinit.exe,
¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !
¤¤¤¤¤¤¤¤¤¤ # IFEO
¤¤¤¤¤¤¤¤¤¤ # Mountpoints2
¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
¤¤¤¤¤¤¤¤¤¤ # Security center

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_13.07.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 20:52:01 08/24/2017
Updated 13/07/2017 | 18.30 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html
[jean- (Administrator)] - [DESKTOP-37KC94K]
SID = S-1-5-21-4265624635-2019933758-61733912-1001
Boot: SafeMode with network
System : Windows 10 Home (64 bits) Core
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius
Memory
RAM = Total (MB) : 3748 | Free (MB) : 2267
Pagefile = Total (MB) : 7549 | Free (MB) : 6279
Virtual = Total (MB) : 4194 | Free (MB) : 3940
¤¤¤¤¤¤¤¤¤¤ # Components of starting up
C:\WINDOWS\Setup\Scripts\setupcomplete.cmd
¤¤¤¤¤¤¤¤¤¤¤ # Drives
H:\-> [Removable] | [audio playe] | Total : 59.45 Go | Free : 46.23 Go -> exFAT [USB]
G:\-> [Fixed] | [wd MY passport 2TO] | Total : 2794.49 Go | Free : 96.98 Go -> NTFS [USB]
F:\-> [CDROM] | [Mes Sauvegardes (#1)] | Total : 0.99 Go | Free : 0 Go -> UDF [SATA]
D:\-> [Removable] | [SAMSUNG FIT 128] | Total : 119.5 Go | Free : 118.84 Go -> NTFS [USB]
C:\-> [Fixed] | [OS] | Total : 930.26 Go | Free : 763.88 Go -> NTFS [SATA]
¤¤¤¤¤¤¤¤¤¤ # Windows updates
¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\WINDOWS\system32\config\systemprofile
C:\WINDOWS\ServiceProfiles\LocalService
C:\WINDOWS\ServiceProfiles\NetworkService
C:\Users\jean-
C:\Users\MSSQL$ADK
Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [24.08.2017 @ 20_30_52])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore
¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.14393.726 (© Microsoft Corporation.)
¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 26.0.0.151
Plugin : 26.0.0.151
¤¤¤¤¤¤¤¤¤¤ # Security
AV : Windows Defender Enabled
AS : Windows Defender Enabled
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running
¤¤¤¤¤¤¤¤¤¤ # Stopped processes
2964 | [Owner : jean- |Parent : 572] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe
3476 | [Owner : |Parent : 896] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.14393.726) = C:\Windows\System32\SearchIndexer.exe
6044 | [Owner : |Parent : 896] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.10.14393.726) = C:\Program Files\Windows Defender\MsMpEng.exe
5472 | [Owner : |Parent : 896] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.10.14393.0) = C:\Program Files\Windows Defender\NisSrv.exe
5876 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.726) = C:\Windows\explorer.exe
8064 | [Owner : jean- |Parent : 808] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.726) = C:\Windows\explorer.exe
10188 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.726) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
6596 | [Owner : SERVICE LOCAL |Parent : 1080] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.14393.82) = C:\Windows\System32\dasHost.exe
6320 | [Owner : jean- |Parent : 572] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe
2356 | [Owner : SERVICE LOCAL |Parent : 1080] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.14393.0) = C:\Windows\System32\WUDFHost.exe
7816 | [Owner : SERVICE LOCAL |Parent : 1080] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.14393.82) = C:\Windows\System32\dasHost.exe
5968 | [Owner : jean- |Parent : 896] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe
4292 | [Owner : Système |Parent : 896] - (.Malwarebytes Corporation - Malwarebytes Anti-Exploit Service.) - (1.10.1.24) = C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
2540 | [Owner : Système |Parent : 4292] - (.Malwarebytes Corporation - Malwarebytes Anti-Exploit 64bit tasks.) - (1.10.1.24) = C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
12000 | [Owner : Système |Parent : 2540] - (.Microsoft Corporation - Console Window Host.) - (10.0.14393.0) = C:\Windows\System32\conhost.exe
3312 | [Owner : jean- |Parent : 10692] - (.Malwarebytes - AdwCleaner.) - (7.0.2.0) = C:\Users\jean-\Downloads\adwcleaner_7.0.2.0.exe
1816 | [Owner : jean- |Parent : 5876] - (.Microsoft Corporation - Bloc-notes.) - (10.0.14393.0) = C:\Windows\System32\notepad.exe
6844 | [Owner : jean- |Parent : 3312] - (.Microsoft Corporation - Bloc-notes.) - (10.0.14393.0) = C:\Windows\System32\notepad.exe
9704 | [Owner : jean- |Parent : 5876] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe
7620 | [Owner : Système |Parent : 1080] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) - (10.0.15156.1008) = C:\Windows\System32\CompatTelRunner.exe
8376 | [Owner : Système |Parent : 7620] - (.Microsoft Corporation - Console Window Host.) - (10.0.14393.0) = C:\Windows\System32\conhost.exe
4824 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.447) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
7348 | [Owner : jean- |Parent : 5876] - (.Disc Soft Ltd. - DAEMON Tools Lite Installer.) - (1.4.24.0) = C:\Users\jean-\Desktop\Xubuntu live creators for samsung fit sfce\DTLiteInstaller.exe
11456 | [Owner : jean- |Parent : 7348] - (. - Installer.) - (1.0.0.0) = C:\Users\jean-\AppData\Local\Temp\AppInstaller.exe
6940 | [Owner : jean- |Parent : 5876] - (.Disc Soft Ltd - DAEMON Tools Pro Setup.) - (8.2.0.708) = C:\Users\jean-\Desktop\Xubuntu live creators for samsung fit sfce\DTPro820-0708.exe
11944 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Background Task Host.) - (10.0.14393.0) = C:\Windows\System32\backgroundTaskHost.exe
4744 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe
6044 | [Owner : |Parent : 896] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.10.14393.726) = C:\Program Files\Windows Defender\MsMpEng.exe
5472 | [Owner : |Parent : 896] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.10.14393.0) = C:\Program Files\Windows Defender\NisSrv.exe
12236 | [Owner : jean- |Parent : 572] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe
8108 | [Owner : SERVICE LOCAL |Parent : 1080] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.14393.82) = C:\Windows\System32\dasHost.exe
7948 | [Owner : SERVICE LOCAL |Parent : 1080] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.14393.0) = C:\Windows\System32\WUDFHost.exe
8844 | [Owner : Système |Parent : 1080] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) - (10.0.15156.1008) = C:\Windows\System32\CompatTelRunner.exe
5068 | [Owner : Système |Parent : 8844] - (.Microsoft Corporation - Console Window Host.) - (10.0.14393.0) = C:\Windows\System32\conhost.exe
6356 | [Owner : jean- |Parent : 12236] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.726) = C:\Windows\explorer.exe
6864 | [Owner : jean- |Parent : 6356] - (.IvoSoft - Classic Start Menu.) - (4.3.0.0) = C:\Program Files\Classic Shell\ClassicStartMenu.exe
3860 | [Owner : LogonSessionId_0_87688171 |Parent : 896] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.14393.726) = C:\Windows\System32\SearchIndexer.exe
10624 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.447) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
9592 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.726) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
3584 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe
6620 | [Owner : jean- |Parent : 572] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe
5760 | [Owner : jean- |Parent : 6356] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe
4868 | [Owner : jean- |Parent : 6356] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe
7104 | [Owner : jean- |Parent : 6356] - (.Ashampoo Development GmbH & Co. KG - Ashampoo UI 2017.) - (6.0.0.0) = C:\Program Files (x86)\Ashampoo\Ashampoo Uninstaller 2017\UI2017.exe
3060 | [Owner : jean- |Parent : 6356] - (.Ashampoo Development GmbH & Co. KG - Ashampoo UI 6.) - (6.0.0.0) = C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 6\UI6.exe
8368 | [Owner : jean- |Parent : 6112] - (.IObit - IObit Uninstaller.) - (7.0.2.32) = C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
652 | [Owner : jean- |Parent : 8368] - (.IObit - UninstallerMonitor.) - (7.0.2.942) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
3952 | [Owner : jean- |Parent : 2640] - (.WiseCleaner.com - Wise Duplicate Finder.) - (1.2.1.23) = C:\Program Files (x86)\Wise\Wise Duplicate Finder\WiseDuplicateFinder.exe
10984 | [Owner : Système |Parent : 896] - (.Malwarebytes Corporation - Malwarebytes Anti-Exploit Service.) - (1.10.1.24) = C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
9604 | [Owner : Système |Parent : 10984] - (.Malwarebytes Corporation - Malwarebytes Anti-Exploit 64bit tasks.) - (1.10.1.24) = C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
2464 | [Owner : jean- |Parent : 3952] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) - (8.2.0.708) = C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
8804 | [Owner : Système |Parent : 896] - (.Disc Soft Ltd - Disc Soft Bus Service Pro.) - (8.2.0.708) = C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe
3284 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.14393.726) = C:\Windows\System32\SettingSyncHost.exe
10588 | [Owner : jean- |Parent : 8368] - (.CyberLink Corp. - .) - (1.0.0.0) = C:\Program Files (x86)\NSIS Uninstall Information\{6F03FE01-FD5D-4D97-ABA5-7CF4C0BF0F15}\Setup.exe
11164 | [Owner : jean- |Parent : 10588] - (.CyberLink Corp. - .) - (1.0.0.0) = C:\Program Files (x86)\NSIS Uninstall Information\{80986AB6-3CB0-49db-AB48-1600844D6374}\Setup.exe
11440 | [Owner : jean- |Parent : 8368] - (.CyberLink Corp. - .) - (1.0.0.0) = C:\Program Files (x86)\NSIS Uninstall Information\{FBFC2A17-8C05-4F92-A2A9-236C51D62E55}\Setup.exe
11040 | [Owner : jean- |Parent : 988] - (. - .) - (11.7.113.0) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.7.113.0_x64__kzf8qxf38zg5c\SkypeHost.exe
5188 | [Owner : jean- |Parent : 8368] - (.CyberLink Corp. - .) - (1.0.0.0) = C:\Program Files (x86)\NSIS Uninstall Information\{1A7C4187-2C87-4689-AD7D-66429E8A7475}\Setup.exe
5568 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Reminders WinRT OOP Server.) - (10.0.14393.726) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
12080 | [Owner : jean- |Parent : 8368] - (.CyberLink Corp. - .) - (1.0.0.0) = C:\Program Files (x86)\NSIS Uninstall Information\{80986AB6-3CB0-49db-AB48-1600844D6374}\Setup.exe
6668 | [Owner : LogonSessionId_0_91454234 |Parent : 896] - (.Microsoft Corporation - Installateur Windows®.) - (5.0.14393.0) = C:\Windows\System32\msiexec.exe
4808 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.726) = C:\Windows\explorer.exe
1848 | [Owner : |Parent : 828] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.10.14393.726) = C:\Program Files\Windows Defender\MsMpEng.exe
900 | [Owner : jean- |Parent : 1032] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe
1204 | [Owner : jean- |Parent : 1172] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.726) = C:\Windows\explorer.exe
2124 | [Owner : jean- |Parent : 1204] - (.IvoSoft - Classic Start Menu.) - (4.3.0.0) = C:\Program Files\Classic Shell\ClassicStartMenu.exe
2180 | [Owner : jean- |Parent : 1204] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.14393.0) = C:\Windows\System32\ctfmon.exe
2508 | [Owner : jean- |Parent : 1204] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe
2756 | [Owner : jean- |Parent : 924] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.726) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
2852 | [Owner : jean- |Parent : 924] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe
2496 | [Owner : jean- |Parent : 924] - (.Microsoft Corporation - Aide et support Microsoft.) - (10.0.14393.0) = C:\Windows\HelpPane.exe
1320 | [Owner : jean- |Parent : 924] - (.Microsoft Corporation - Application Frame Host.) - (10.0.14393.0) = C:\Windows\System32\ApplicationFrameHost.exe
2996 | [Owner : jean- |Parent : 924] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.447) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
3480 | [Owner : Système |Parent : 776] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.14393.726) = C:\Windows\System32\fontdrvhost.exe
1656 | [Owner : jean- |Parent : 3368] - (.Microsoft Corporation - Internet Explorer.) - (11.0.14393.726) = C:\Program Files\Internet Explorer\iexplore.exe
2696 | [Owner : jean- |Parent : 1656] - (.Microsoft Corporation - Internet Explorer.) - (11.0.14393.726) = C:\Program Files (x86)\Internet Explorer\iexplore.exe
2464 | [Owner : jean- |Parent : 3368] - (.IObit - Advanced SystemCare 10.) - (10.3.0.745) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
932 | [Owner : jean- |Parent : 3368] - (.IObit - Performance Monitor.) - (10.1.4.1364) = C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
3724 | [Owner : jean- |Parent : 2464] - (.IObit - Advanced SystemCare 10.) - (10.0.1.3125) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
3728 | [Owner : jean- |Parent : 2464] - (.IObit - .) - (10.1.4.161) = C:\Program Files (x86)\IObit\Advanced SystemCare\smBootTime.exe
1504 | [Owner : jean- |Parent : 924] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.14393.726) = C:\Windows\explorer.exe
3676 | [Owner : jean- |Parent : 1504] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) - (8.2.0.708) = C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
¤¤¤¤¤¤¤¤¤¤ # Winlogon user
¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !
¤¤¤¤¤¤¤¤¤¤ # IFEO
¤¤¤¤¤¤¤¤¤¤ # Mountpoints2
¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
¤¤¤¤¤¤¤¤¤¤ # Security center
¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Iphlpsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Browser]~[Start] : 2 -> 3
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wwansvc]~[Start] : 2 -> 3
¤¤¤¤¤¤¤¤¤¤ # Internet Explorer
¤¤¤¤¤¤¤¤¤¤ # reparsepoint
¤¤¤¤¤¤¤¤¤¤ # Offsets
¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Deleted : HKU\S-1-5-21-4265624635-2019933758-61733912-1001_Classes\Software\Locky
Deleted : HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Locky
Deleted : HKU\S-1-5-20\Software\Locky
Deleted : HKU\S-1-5-19\Software\Locky
Deleted : HKLM\Software\abb
Moved to quarantine successfully : C:\Users\jean-\AppData\Roaming\inst.exe
Moved to quarantine successfully : C:\Users\jean-\AppData\Local\TempradD6388.tmp
Moved to quarantine successfully : H:\advanced-systemcare-free_10-3-0-745_fr_403234(1).exe
Moved to quarantine successfully : H:\advanced-systemcare-free_10-3-0-745_fr_403234.exe
Moved to quarantine successfully : H:\advanced-systemcare-setup (1)(1).exe
Moved to quarantine successfully : H:\advanced-systemcare-setup (1).exe
Moved to quarantine successfully : H:\advanced-systemcare-setup(1).exe
Moved to quarantine successfully : H:\advanced-systemcare-setup.exe
Moved to quarantine successfully : H:\SFTGC.exe
Moved to quarantine successfully : H:\TechToolStore.exe
Moved to quarantine successfully : G:\start commandline scanner.exe
Moved to quarantine successfully : G:\start emergency kit scanner.exe
Moved to quarantine successfully : G:\StartCodySafe.exe
Moved to quarantine successfully : G:\updater.exe
Moved to quarantine successfully : D:\advanced-systemcare-free_10-3-0-745_fr_403234(1).exe
Moved to quarantine successfully : D:\advanced-systemcare-free_10-3-0-745_fr_403234.exe
Moved to quarantine successfully : D:\advanced-systemcare-setup (1)(1).exe
Moved to quarantine successfully : D:\advanced-systemcare-setup (1).exe
Moved to quarantine successfully : D:\advanced-systemcare-setup(1).exe
Moved to quarantine successfully : D:\advanced-systemcare-setup.exe
Moved to quarantine successfully : C:\repairs_running.dat
Moved to quarantine successfully : C:\repair_starting.dat
Moved to quarantine successfully : G:\CsLib.dll
Moved to quarantine successfully : G:\Interop.RocketDivision.StarBurnX.dll
Moved to quarantine successfully : G:\LogicNP.FileView.dll
Moved to quarantine successfully : G:\LogicNP.ShComboBox.dll
Moved to quarantine successfully : G:\Newtonsoft.Json.dll
Moved to quarantine successfully : G:\sptdintf.dll
Moved to quarantine successfully : G:\StarBurnX15.dll
Moved to quarantine successfully : G:\taglib-sharp.dll
Moved to quarantine successfully : H:\Pre_Scan_Donate.lnk
Moved to quarantine successfully : H:\Pre_Scan_Restore.lnk
Moved to quarantine successfully : H:\VirusTotal Uploader 2.2.lnk
Moved to quarantine successfully : H:\pre-scan_7_13.07.17.1.scr
Moved to quarantine successfully : H:\quickdiag_3_01.07.17.1.scr
Moved to quarantine successfully : H:\SFTGC.scr
Moved to quarantine successfully : D:\pre-scan_7_13.07.17.1.scr
Moved to quarantine successfully : D:\quickdiag_3_01.07.17.1.scr
Moved to quarantine successfully : D:\SFTGC.scr
Will be moved in quarantine at reboot : G:\msdownld.tmp
Moved to quarantine successfully : G:\data.ico
Moved to quarantine successfully : G:\iso.ico
Moved to quarantine successfully : G:\Jumplist.Copy.ico
Moved to quarantine successfully : G:\Jumplist.Data.ico
Moved to quarantine successfully : G:\Jumplist.Erase.ico
Moved to quarantine successfully : C:\Users\jean-\AppData\Roaming\Burnaware
Moved to quarantine successfully : H:\desktop.ini
Moved to quarantine successfully : G:\desktop.ini
Will be moved in quarantine at reboot : C:\WINDOWS\1
¤¤¤¤¤¤¤¤¤¤ # ADS
Prefetch -> cleaned
D:\ : Vaccinated (Vaccin created by Usbfix)
G:\ : Vaccinated (Vaccin created by Pre_Scan)
H:\ : Vaccinated (Vaccin created by Pre_Scan)
¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive G:] : Hidden : 1 | Restored : 1
~ [Drive H:] : Hidden : 2 | Restored : 2
~ [Drive C:] : Hidden : 3 | Restored : 3
~ [Program Files] : Hidden : 19 | Restored : 19
~ [Desktop] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 17 | Restored : 17
~ [AppData] : Hidden : 1 | Restored : 1
¤¤¤¤¤¤¤¤¤¤ # Drives
Disk: 0 Size=954G
Pos MBRndx Type/Name  Size  Active Hide Start Sector Sectors
--- ------ ---------- ----  ------ ---- ------------ ------------
0   0      EE-UNKNWN  21.0T No     No   1            294,967,295
End : 01:25:10
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤