¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_09.10.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 10:42:35 10/13/2017 Updated 09/10/2017 | 10.10 by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html [henry (Administrator)] - [PCTHIBAULT] SID = S-1-5-21-4082129217-2318844860-861899141-1004 Boot: Normal boot System : Windows 10 Pro (64 bits) Professional ProcessorNameString : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz Identifier : Intel64 Family 6 Model 60 Stepping 3 CoreTemp : 39 Celsius - Max : 103 Celsius Memory RAM = Total (MB) : 8269 | Free (MB) : 6222 Pagefile = Total (MB) : 9580 | Free (MB) : 7660 Virtual = Total (MB) : 4194 | Free (MB) : 3882 ¤¤¤¤¤¤¤¤¤¤ # Components of starting up ¤¤¤¤¤¤¤¤¤¤¤ # Drives J:\-> [Removable] | [] | Total : 1.86 Go | Free : 0.3 Go -> FAT [USB] I:\-> [Fixed] | [FC+] | Total : 45.1 Go | Free : 5.23 Go -> NTFS [USB] H:\-> [Fixed] | [BACKUP ASUS] | Total : 45.1 Go | Free : 5.61 Go -> NTFS [USB] G:\-> [Removable] | [] | Total : 3.8 Go | Free : 3.8 Go -> FAT32 [USB] F:\-> [Fixed] | [FC STOCK] | Total : 841.31 Go | Free : 399.18 Go -> NTFS [USB] D:\-> [Fixed] | [Data] | Total : 537.8 Go | Free : 253.71 Go -> NTFS [SATA] C:\-> [Fixed] | [OS] | Total : 372.16 Go | Free : 47.42 Go -> NTFS [SATA] ¤¤¤¤¤¤¤¤¤¤ # Windows updates Windows Is Activated Windows Is Activated ¤¤¤¤¤¤¤¤¤¤ # Sessions C:\WINDOWS\system32\config\systemprofile C:\WINDOWS\ServiceProfiles\LocalService C:\WINDOWS\ServiceProfiles\NetworkService C:\Users\henry Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [13.10.2017 @ 10_40_28]) To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore ¤¤¤¤¤¤¤¤¤¤ # Browsers IE : 11.0.15063.608 (© Microsoft Corporation. Tous droits réservés.) GC : 61.0.3163.100 (Copyright 2016 Google Inc. 
All rights reserved.) ¤¤¤¤¤¤¤¤¤¤ # FlashPlayer ActiveX : 27.0.0.130 ¤¤¤¤¤¤¤¤¤¤ # Security AV : Windows Defender Disabled FW : WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Manual(3)] = stopped FW: Windows FireWall Service [Auto(2)] = Running ¤¤¤¤¤¤¤¤¤¤ # Stopped processes 1132 | [Owner : |Parent : 1000] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 369.09.) - (8.17.13.6909) = C:\Windows\System32\nvvsvc.exe 2288 | [Owner : |Parent : 1132] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.6909) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe 2404 | [Owner : |Parent : 1000] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4549) = C:\Windows\System32\igfxCUIService.exe 3452 | [Owner : |Parent : 1000] - (.ASUSTek Computer Inc. - ASLDR Service.) - (1.0.81.2) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe 3460 | [Owner : |Parent : 1000] - (.AVAST Software - Avast Service.) - (17.7.3660.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe 3476 | [Owner : Système |Parent : 1000] - (.ASUS - GFNEXSrv.) - (1.0.11.1) = C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 3844 | [Owner : LogonSessionId_0_165958 |Parent : 1000] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.15063.608) = C:\Windows\System32\spoolsv.exe 3992 | [Owner : Système |Parent : 1000] - (.Apple Inc. - MobileDeviceService.) - (17.423.0.23) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 4004 | [Owner : Système |Parent : 1000] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe 4028 | [Owner : Système |Parent : 1000] - (.NVIDIA Corporation - NVIDIA GeForce ExperienceService.) - (2.9.1.22) = C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe 4044 | [Owner : Système |Parent : 1000] - (.NVIDIA Corporation - NVIDIA Network Service.) 
- (2.4.13.69) = C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe 4036 | [Owner : Système |Parent : 1000] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.23.7067) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 4296 | [Owner : |Parent : 1000] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.674) = C:\Windows\System32\SecurityHealthService.exe 6640 | [Owner : Système |Parent : 3452] - (.ASUSTek Computer Inc. - HControl.) - (1.0.83.4) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe 6700 | [Owner : henry |Parent : 2184] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe 6720 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 6744 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 7052 | [Owner : henry |Parent : 1572] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe 7156 | [Owner : LogonSessionId_0_347446 |Parent : 1000] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8795) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe 6520 | [Owner : Système |Parent : 6640] - (.ASUSTek Computer Inc. - KBFiltr.) - (1.0.67.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe 7480 | [Owner : henry |Parent : 7456] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.15063.674) = C:\Windows\explorer.exe 7732 | [Owner : henry |Parent : 7032] - (.ASUSTek Computer Inc. - ATK Media.) - (2.0.19.3) = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe 7728 | [Owner : henry |Parent : 6912] - (.ASUSTek Computer Inc. - ATKOSD2.) 
- (7.0.31.1) = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe 7972 | [Owner : henry |Parent : 7912] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4549) = C:\Windows\System32\igfxEM.exe 8000 | [Owner : henry |Parent : 7912] - (.Intel Corporation - igfxHK Module.) - (6.15.10.4549) = C:\Windows\System32\igfxHK.exe 8024 | [Owner : henry |Parent : 7912] - (. - .) - (0.0.0.0) = C:\Windows\System32\igfxTray.exe 1416 | [Owner : LogonSessionId_0_437463 |Parent : 1000] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.15063.413) = C:\Windows\System32\SearchIndexer.exe 1420 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.15063.0) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 8364 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe 8668 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 9188 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.15063.674) = C:\Windows\System32\SettingSyncHost.exe 5192 | [Owner : henry |Parent : 2288] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.6909) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 8816 | [Owner : henry |Parent : 5192] - (.NVIDIA Corporation - NVIDIA Backend.) - (20.14.1.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 7452 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Reminders WinRT OOP Server.) - (10.0.15063.0) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe 2748 | [Owner : henry |Parent : 7480] - (.Microsoft Corporation - Windows Defender notification icon.) 
- (4.11.15063.0) = C:\Program Files\Windows Defender\MSASCuiL.exe 7540 | [Owner : henry |Parent : 7480] - (.Saitek - Saitek MFD File System Driver.) - (7.0.27.13) = C:\Program Files\SmartTechnology\Software\SaiMfd.exe 3364 | [Owner : henry |Parent : 7480] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6998.830) = C:\Users\henry\AppData\Local\Microsoft\OneDrive\OneDrive.exe 3544 | [Owner : henry |Parent : 7480] - (.PC Remote - PC Remote Server.) - (3.51.0.0) = C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe 9240 | [Owner : henry |Parent : 7480] - (.Hewlett-Packard Co. - ScanToPCActivationApp.) - (28.0.1315.0) = C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe 9352 | [Owner : henry |Parent : 7480] - (.Apple Inc. - iCloud Services.) - (63.0.0.52) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe 9372 | [Owner : henry |Parent : 7480] - (.Apple Inc. - iCloud Drive.) - (1.7.16.46) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe 9444 | [Owner : henry |Parent : 7480] - (.Apple Inc. - iCloud Photo Library.) - (139.0.0.1) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe 9704 | [Owner : henry |Parent : 9508] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.121.13) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 7116 | [Owner : henry |Parent : 712] - (.Apple Inc. - Apple Push.) - (2.7.6.52) = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 9140 | [Owner : henry |Parent : 712] - (.Apple, Inc. - Apple Security Manager.) - (102.0.0.70) = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe 6036 | [Owner : henry |Parent : 9800] - (.Microsoft Corporation - Microsoft (r) Windows Based Script Host.) - (5.6.0.8820) = D:\henry\henryhost.exe 10544 | [Owner : henry |Parent : 7436] - (.AsusTek - ASUS Smart Gesture Loader.) 
- (1.0.51.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe 10340 | [Owner : henry |Parent : 10544] - (.AsusTek - ASUS Smart Gesture Center.) - (1.0.0.87) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe 5368 | [Owner : henry |Parent : 10340] - (.AsusTek - ASUS Smart Gesture Helper.) - (1.0.22.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe 8208 | [Owner : henry |Parent : 9704] - (.Oracle Corporation - Java Update Checker.) - (2.8.121.13) = C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe 8628 | [Owner : henry |Parent : 7480] - (.Google Inc. - Google Chrome.) - (61.0.3163.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 408 | [Owner : henry |Parent : 8628] - (.Google Inc. - Google Chrome.) - (61.0.3163.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 9884 | [Owner : henry |Parent : 8628] - (.Google Inc. - Google Chrome.) - (61.0.3163.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 10120 | [Owner : SERVICE LOCAL |Parent : 10024] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe 9344 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.674) = C:\Windows\System32\smartscreen.exe 9668 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.15063.332) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 9196 | [Owner : henry |Parent : 4144] - (.Microsoft Corporation - Chargeur CTF.) 
- (10.0.15063.0) = C:\Windows\SysWOW64\ctfmon.exe ¤¤¤¤¤¤¤¤¤¤ # Winlogon user ¤¤¤¤¤¤¤¤¤¤ # Winlogon machine Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : -> C:\WINDOWS\SYSWOW64\userinit.exe, ¤¤¤¤¤¤¤¤¤¤ # SafeBoot Safeboot Keys are O.K Alternate shell is OK ! ¤¤¤¤¤¤¤¤¤¤ # IFEO ¤¤¤¤¤¤¤¤¤¤ # Mountpoints2 ¤¤¤¤¤¤¤¤¤¤ # Windows [HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon ¤¤¤¤¤¤¤¤¤¤ # Security center Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\WINDOWS\System32\ActionCenter.dll Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]~[EnableFirewall] : 0 -> 1 Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]~[EnableFirewall] : 0 -> 1 ¤¤¤¤¤¤¤¤¤¤ # Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_09.10.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 10:47:12 10/13/2017 Updated 09/10/2017 | 10.10 by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html [henry (Administrator)] - [PCTHIBAULT] SID = S-1-5-21-4082129217-2318844860-861899141-1004 Boot: Normal boot System : Windows 10 Pro (64 bits) Professional ProcessorNameString : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz Identifier : Intel64 Family 6 Model 60 Stepping 3 CoreTemp : 39 Celsius - Max : 103 Celsius Memory RAM = Total (MB) : 8269 | Free (MB) : 6306 Pagefile = Total (MB) : 
9580 | Free (MB) : 7707 Virtual = Total (MB) : 4194 | Free (MB) : 3921 ¤¤¤¤¤¤¤¤¤¤ # Components of starting up ¤¤¤¤¤¤¤¤¤¤¤ # Drives J:\-> [Removable] | [] | Total : 1.86 Go | Free : 0.3 Go -> FAT [USB] I:\-> [Fixed] | [FC+] | Total : 45.1 Go | Free : 5.23 Go -> NTFS [USB] H:\-> [Fixed] | [BACKUP ASUS] | Total : 45.1 Go | Free : 5.61 Go -> NTFS [USB] G:\-> [Removable] | [] | Total : 3.8 Go | Free : 3.8 Go -> FAT32 [USB] F:\-> [Fixed] | [FC STOCK] | Total : 841.31 Go | Free : 399.18 Go -> NTFS [USB] D:\-> [Fixed] | [Data] | Total : 537.8 Go | Free : 253.71 Go -> NTFS [SATA] C:\-> [Fixed] | [OS] | Total : 372.16 Go | Free : 47.34 Go -> NTFS [SATA] ¤¤¤¤¤¤¤¤¤¤ # Windows updates Windows Is Activated Windows Is Activated ¤¤¤¤¤¤¤¤¤¤ # Sessions C:\WINDOWS\system32\config\systemprofile C:\WINDOWS\ServiceProfiles\LocalService C:\WINDOWS\ServiceProfiles\NetworkService C:\Users\henry Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [13.10.2017 @ 10_46_27]) To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore ¤¤¤¤¤¤¤¤¤¤ # Browsers IE : 11.0.15063.608 (© Microsoft Corporation. Tous droits réservés.) GC : 61.0.3163.100 (Copyright 2016 Google Inc. All rights reserved.) ¤¤¤¤¤¤¤¤¤¤ # FlashPlayer ActiveX : 27.0.0.130 ¤¤¤¤¤¤¤¤¤¤ # Security AV : Windows Defender Disabled FW : WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Manual(3)] = stopped FW: Windows FireWall Service [Auto(2)] = Running ¤¤¤¤¤¤¤¤¤¤ # Stopped processes 1132 | [Owner : |Parent : 1000] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 369.09.) - (8.17.13.6909) = C:\Windows\System32\nvvsvc.exe 2288 | [Owner : |Parent : 1132] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) 
- (8.17.13.6909) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe 2404 | [Owner : |Parent : 1000] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4549) = C:\Windows\System32\igfxCUIService.exe 3452 | [Owner : |Parent : 1000] - (.ASUSTek Computer Inc. - ASLDR Service.) - (1.0.81.2) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe 3460 | [Owner : |Parent : 1000] - (.AVAST Software - Avast Service.) - (17.7.3660.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe 3476 | [Owner : Système |Parent : 1000] - (.ASUS - GFNEXSrv.) - (1.0.11.1) = C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 3844 | [Owner : LogonSessionId_0_165958 |Parent : 1000] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.15063.608) = C:\Windows\System32\spoolsv.exe 3992 | [Owner : Système |Parent : 1000] - (.Apple Inc. - MobileDeviceService.) - (17.423.0.23) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 4004 | [Owner : Système |Parent : 1000] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe 4028 | [Owner : Système |Parent : 1000] - (.NVIDIA Corporation - NVIDIA GeForce ExperienceService.) - (2.9.1.22) = C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe 4044 | [Owner : Système |Parent : 1000] - (.NVIDIA Corporation - NVIDIA Network Service.) - (2.4.13.69) = C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe 4036 | [Owner : Système |Parent : 1000] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.23.7067) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 4296 | [Owner : |Parent : 1000] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.674) = C:\Windows\System32\SecurityHealthService.exe 6640 | [Owner : Système |Parent : 3452] - (.ASUSTek Computer Inc. - HControl.) 
- (1.0.83.4) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe 6700 | [Owner : henry |Parent : 2184] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe 6720 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 6744 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 7052 | [Owner : henry |Parent : 1572] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe 7156 | [Owner : LogonSessionId_0_347446 |Parent : 1000] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8795) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe 6520 | [Owner : Système |Parent : 6640] - (.ASUSTek Computer Inc. - KBFiltr.) - (1.0.67.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe 7480 | [Owner : henry |Parent : 7456] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.15063.674) = C:\Windows\explorer.exe 7732 | [Owner : henry |Parent : 7032] - (.ASUSTek Computer Inc. - ATK Media.) - (2.0.19.3) = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe 7728 | [Owner : henry |Parent : 6912] - (.ASUSTek Computer Inc. - ATKOSD2.) - (7.0.31.1) = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe 7972 | [Owner : henry |Parent : 7912] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4549) = C:\Windows\System32\igfxEM.exe 8000 | [Owner : henry |Parent : 7912] - (.Intel Corporation - igfxHK Module.) - (6.15.10.4549) = C:\Windows\System32\igfxHK.exe 8024 | [Owner : henry |Parent : 7912] - (. - .) - (0.0.0.0) = C:\Windows\System32\igfxTray.exe 1416 | [Owner : LogonSessionId_0_437463 |Parent : 1000] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) 
- (7.0.15063.413) = C:\Windows\System32\SearchIndexer.exe 1420 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.15063.0) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 8364 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe 8668 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 9188 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.15063.674) = C:\Windows\System32\SettingSyncHost.exe 5192 | [Owner : henry |Parent : 2288] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.6909) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 8816 | [Owner : henry |Parent : 5192] - (.NVIDIA Corporation - NVIDIA Backend.) - (20.14.1.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 7452 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Reminders WinRT OOP Server.) - (10.0.15063.0) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe 2748 | [Owner : henry |Parent : 7480] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MSASCuiL.exe 7540 | [Owner : henry |Parent : 7480] - (.Saitek - Saitek MFD File System Driver.) - (7.0.27.13) = C:\Program Files\SmartTechnology\Software\SaiMfd.exe 3364 | [Owner : henry |Parent : 7480] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6998.830) = C:\Users\henry\AppData\Local\Microsoft\OneDrive\OneDrive.exe 3544 | [Owner : henry |Parent : 7480] - (.PC Remote - PC Remote Server.) - (3.51.0.0) = C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe 9240 | [Owner : henry |Parent : 7480] - (.Hewlett-Packard Co. - ScanToPCActivationApp.) 
- (28.0.1315.0) = C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe 9352 | [Owner : henry |Parent : 7480] - (.Apple Inc. - iCloud Services.) - (63.0.0.52) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe 9372 | [Owner : henry |Parent : 7480] - (.Apple Inc. - iCloud Drive.) - (1.7.16.46) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe 9444 | [Owner : henry |Parent : 7480] - (.Apple Inc. - iCloud Photo Library.) - (139.0.0.1) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe 9704 | [Owner : henry |Parent : 9508] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.121.13) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 7116 | [Owner : henry |Parent : 712] - (.Apple Inc. - Apple Push.) - (2.7.6.52) = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 9140 | [Owner : henry |Parent : 712] - (.Apple, Inc. - Apple Security Manager.) - (102.0.0.70) = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe 6036 | [Owner : henry |Parent : 9800] - (.Microsoft Corporation - Microsoft (r) Windows Based Script Host.) - (5.6.0.8820) = D:\henry\henryhost.exe 10544 | [Owner : henry |Parent : 7436] - (.AsusTek - ASUS Smart Gesture Loader.) - (1.0.51.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe 10340 | [Owner : henry |Parent : 10544] - (.AsusTek - ASUS Smart Gesture Center.) - (1.0.0.87) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe 5368 | [Owner : henry |Parent : 10340] - (.AsusTek - ASUS Smart Gesture Helper.) - (1.0.22.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe 8208 | [Owner : henry |Parent : 9704] - (.Oracle Corporation - Java Update Checker.) 
- (2.8.121.13) = C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe 8628 | [Owner : henry |Parent : 7480] - (.Google Inc. - Google Chrome.) - (61.0.3163.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 408 | [Owner : henry |Parent : 8628] - (.Google Inc. - Google Chrome.) - (61.0.3163.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 9884 | [Owner : henry |Parent : 8628] - (.Google Inc. - Google Chrome.) - (61.0.3163.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 10120 | [Owner : SERVICE LOCAL |Parent : 10024] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe 9344 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.674) = C:\Windows\System32\smartscreen.exe 9668 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.15063.332) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 9196 | [Owner : henry |Parent : 4144] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.15063.0) = C:\Windows\SysWOW64\ctfmon.exe 3460 | [Owner : |Parent : 1000] - (.AVAST Software - Avast Service.) - (17.7.3660.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe 4296 | [Owner : |Parent : 1000] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.674) = C:\Windows\System32\SecurityHealthService.exe 9400 | [Owner : henry |Parent : 2184] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe 5396 | [Owner : LogonSessionId_0_15857486 |Parent : 1000] - (.Microsoft Corporation - PresentationFontCache.exe.) 
- (3.0.6920.8795) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe 1216 | [Owner : SERVICE LOCAL |Parent : 10024] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe 8428 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 4628 | [Owner : LogonSessionId_0_15877934 |Parent : 1000] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.15063.608) = C:\Windows\System32\spoolsv.exe 4212 | [Owner : henry |Parent : 9400] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.15063.674) = C:\Windows\explorer.exe 10688 | [Owner : LogonSessionId_0_15914668 |Parent : 1000] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.15063.413) = C:\Windows\System32\SearchIndexer.exe 9392 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.15063.332) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 6556 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe 560 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.674) = C:\Windows\System32\smartscreen.exe 11076 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 6820 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 5464 | [Owner : henry |Parent : 1572] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) 
- (10.0.15063.0) = C:\Windows\System32\taskhostw.exe 7896 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.15063.674) = C:\Windows\System32\SettingSyncHost.exe 8552 | [Owner : Système |Parent : 1000] - (.Apple Inc. - MobileDeviceService.) - (17.423.0.23) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 8924 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Reminders WinRT OOP Server.) - (10.0.15063.0) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe 5848 | [Owner : henry |Parent : 1572] - (.Microsoft Corporation - Notification d'emplacement.) - (10.0.15063.0) = C:\Windows\System32\LocationNotificationWindows.exe ¤¤¤¤¤¤¤¤¤¤ # Winlogon user ¤¤¤¤¤¤¤¤¤¤ # Winlogon machine ¤¤¤¤¤¤¤¤¤¤ # SafeBoot Safeboot Keys are O.K Alternate shell is OK ! ¤¤¤¤¤¤¤¤¤¤ # IFEO ¤¤¤¤¤¤¤¤¤¤ # Mountpoints2 ¤¤¤¤¤¤¤¤¤¤ # Windows [HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon ¤¤¤¤¤¤¤¤¤¤ # Security center ¤¤¤¤¤¤¤¤¤¤ # Services ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_13.10.17.2 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 18:42:18 10/13/2017 Updated 13/10/2017 | 18.15 by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html [henry (Administrator)] - [PCTHIBAULT] SID = S-1-5-21-4082129217-2318844860-861899141-1004 Boot: Normal boot System : Windows 10 Pro (64 bits) Professional ProcessorNameString : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz Identifier : Intel64 Family 6 Model 60 
Stepping 3 CoreTemp : 39 Celsius - Max : 103 Celsius Memory RAM = Total (MB) : 8269 | Free (MB) : 6200 Pagefile = Total (MB) : 9580 | Free (MB) : 7593 Virtual = Total (MB) : 4194 | Free (MB) : 3919 ¤¤¤¤¤¤¤¤¤¤ # Components of starting up ¤¤¤¤¤¤¤¤¤¤¤ # Drives J:\-> [Removable] | [] | Total : 1.86 Go | Free : 0.3 Go -> FAT [USB] I:\-> [Fixed] | [FC+] | Total : 45.1 Go | Free : 5.23 Go -> NTFS [USB] H:\-> [Fixed] | [BACKUP ASUS] | Total : 45.1 Go | Free : 5.61 Go -> NTFS [USB] G:\-> [Removable] | [] | Total : 3.8 Go | Free : 3.8 Go -> FAT32 [USB] F:\-> [Fixed] | [FC STOCK] | Total : 841.31 Go | Free : 399.18 Go -> NTFS [USB] D:\-> [Fixed] | [Data] | Total : 537.8 Go | Free : 253.71 Go -> NTFS [SATA] C:\-> [Fixed] | [OS] | Total : 372.16 Go | Free : 46.74 Go -> NTFS [SATA] ¤¤¤¤¤¤¤¤¤¤ # Windows updates Windows Is Activated Windows Is Activated ¤¤¤¤¤¤¤¤¤¤ # Sessions C:\WINDOWS\system32\config\systemprofile C:\WINDOWS\ServiceProfiles\LocalService C:\WINDOWS\ServiceProfiles\NetworkService C:\Users\henry Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [13.10.2017 @ 18_41_23]) To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore ¤¤¤¤¤¤¤¤¤¤ # Browsers IE : 11.0.15063.608 (© Microsoft Corporation. Tous droits réservés.) GC : 61.0.3163.100 (Copyright 2016 Google Inc. All rights reserved.) ¤¤¤¤¤¤¤¤¤¤ # FlashPlayer ActiveX : 27.0.0.130 ¤¤¤¤¤¤¤¤¤¤ # Security AV : Windows Defender Disabled FW : WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Manual(3)] = stopped FW: Windows FireWall Service [Auto(2)] = Running ¤¤¤¤¤¤¤¤¤¤ # Stopped processes 1132 | [Owner : |Parent : 1000] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 369.09.) - (8.17.13.6909) = C:\Windows\System32\nvvsvc.exe 2288 | [Owner : |Parent : 1132] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) 
- (8.17.13.6909) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe 2404 | [Owner : |Parent : 1000] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4549) = C:\Windows\System32\igfxCUIService.exe 3452 | [Owner : |Parent : 1000] - (.ASUSTek Computer Inc. - ASLDR Service.) - (1.0.81.2) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe 3460 | [Owner : |Parent : 1000] - (.AVAST Software - Avast Service.) - (17.7.3660.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe 3476 | [Owner : Système |Parent : 1000] - (.ASUS - GFNEXSrv.) - (1.0.11.1) = C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 3844 | [Owner : LogonSessionId_0_165958 |Parent : 1000] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.15063.608) = C:\Windows\System32\spoolsv.exe 3992 | [Owner : Système |Parent : 1000] - (.Apple Inc. - MobileDeviceService.) - (17.423.0.23) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 4004 | [Owner : Système |Parent : 1000] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe 4028 | [Owner : Système |Parent : 1000] - (.NVIDIA Corporation - NVIDIA GeForce ExperienceService.) - (2.9.1.22) = C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe 4044 | [Owner : Système |Parent : 1000] - (.NVIDIA Corporation - NVIDIA Network Service.) - (2.4.13.69) = C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe 4036 | [Owner : Système |Parent : 1000] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.23.7067) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 4296 | [Owner : |Parent : 1000] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.674) = C:\Windows\System32\SecurityHealthService.exe 6640 | [Owner : Système |Parent : 3452] - (.ASUSTek Computer Inc. - HControl.) 
- (1.0.83.4) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe 6700 | [Owner : henry |Parent : 2184] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe 6720 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 6744 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 7052 | [Owner : henry |Parent : 1572] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe 7156 | [Owner : LogonSessionId_0_347446 |Parent : 1000] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8795) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe 6520 | [Owner : Système |Parent : 6640] - (.ASUSTek Computer Inc. - KBFiltr.) - (1.0.67.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe 7480 | [Owner : henry |Parent : 7456] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.15063.674) = C:\Windows\explorer.exe 7732 | [Owner : henry |Parent : 7032] - (.ASUSTek Computer Inc. - ATK Media.) - (2.0.19.3) = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe 7728 | [Owner : henry |Parent : 6912] - (.ASUSTek Computer Inc. - ATKOSD2.) - (7.0.31.1) = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe 7972 | [Owner : henry |Parent : 7912] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4549) = C:\Windows\System32\igfxEM.exe 8000 | [Owner : henry |Parent : 7912] - (.Intel Corporation - igfxHK Module.) - (6.15.10.4549) = C:\Windows\System32\igfxHK.exe 8024 | [Owner : henry |Parent : 7912] - (. - .) - (0.0.0.0) = C:\Windows\System32\igfxTray.exe 1416 | [Owner : LogonSessionId_0_437463 |Parent : 1000] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) 
- (7.0.15063.413) = C:\Windows\System32\SearchIndexer.exe 1420 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.15063.0) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 8364 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe 8668 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 9188 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.15063.674) = C:\Windows\System32\SettingSyncHost.exe 5192 | [Owner : henry |Parent : 2288] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.6909) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 8816 | [Owner : henry |Parent : 5192] - (.NVIDIA Corporation - NVIDIA Backend.) - (20.14.1.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 7452 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Reminders WinRT OOP Server.) - (10.0.15063.0) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe 2748 | [Owner : henry |Parent : 7480] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MSASCuiL.exe 7540 | [Owner : henry |Parent : 7480] - (.Saitek - Saitek MFD File System Driver.) - (7.0.27.13) = C:\Program Files\SmartTechnology\Software\SaiMfd.exe 3364 | [Owner : henry |Parent : 7480] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6998.830) = C:\Users\henry\AppData\Local\Microsoft\OneDrive\OneDrive.exe 3544 | [Owner : henry |Parent : 7480] - (.PC Remote - PC Remote Server.) - (3.51.0.0) = C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe 9240 | [Owner : henry |Parent : 7480] - (.Hewlett-Packard Co. - ScanToPCActivationApp.) 
- (28.0.1315.0) = C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe 9352 | [Owner : henry |Parent : 7480] - (.Apple Inc. - iCloud Services.) - (63.0.0.52) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe 9372 | [Owner : henry |Parent : 7480] - (.Apple Inc. - iCloud Drive.) - (1.7.16.46) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe 9444 | [Owner : henry |Parent : 7480] - (.Apple Inc. - iCloud Photo Library.) - (139.0.0.1) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe 9704 | [Owner : henry |Parent : 9508] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.121.13) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 7116 | [Owner : henry |Parent : 712] - (.Apple Inc. - Apple Push.) - (2.7.6.52) = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 9140 | [Owner : henry |Parent : 712] - (.Apple, Inc. - Apple Security Manager.) - (102.0.0.70) = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe 6036 | [Owner : henry |Parent : 9800] - (.Microsoft Corporation - Microsoft (r) Windows Based Script Host.) - (5.6.0.8820) = D:\henry\henryhost.exe 10544 | [Owner : henry |Parent : 7436] - (.AsusTek - ASUS Smart Gesture Loader.) - (1.0.51.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe 10340 | [Owner : henry |Parent : 10544] - (.AsusTek - ASUS Smart Gesture Center.) - (1.0.0.87) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe 5368 | [Owner : henry |Parent : 10340] - (.AsusTek - ASUS Smart Gesture Helper.) - (1.0.22.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe 8208 | [Owner : henry |Parent : 9704] - (.Oracle Corporation - Java Update Checker.) 
- (2.8.121.13) = C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe 8628 | [Owner : henry |Parent : 7480] - (.Google Inc. - Google Chrome.) - (61.0.3163.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 408 | [Owner : henry |Parent : 8628] - (.Google Inc. - Google Chrome.) - (61.0.3163.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 9884 | [Owner : henry |Parent : 8628] - (.Google Inc. - Google Chrome.) - (61.0.3163.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 10120 | [Owner : SERVICE LOCAL |Parent : 10024] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe 9344 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.674) = C:\Windows\System32\smartscreen.exe 9668 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.15063.332) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 9196 | [Owner : henry |Parent : 4144] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.15063.0) = C:\Windows\SysWOW64\ctfmon.exe 3460 | [Owner : |Parent : 1000] - (.AVAST Software - Avast Service.) - (17.7.3660.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe 4296 | [Owner : |Parent : 1000] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.674) = C:\Windows\System32\SecurityHealthService.exe 9400 | [Owner : henry |Parent : 2184] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe 5396 | [Owner : LogonSessionId_0_15857486 |Parent : 1000] - (.Microsoft Corporation - PresentationFontCache.exe.) 
- (3.0.6920.8795) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe 1216 | [Owner : SERVICE LOCAL |Parent : 10024] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe 8428 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 4628 | [Owner : LogonSessionId_0_15877934 |Parent : 1000] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.15063.608) = C:\Windows\System32\spoolsv.exe 4212 | [Owner : henry |Parent : 9400] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.15063.674) = C:\Windows\explorer.exe 10688 | [Owner : LogonSessionId_0_15914668 |Parent : 1000] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.15063.413) = C:\Windows\System32\SearchIndexer.exe 9392 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.15063.332) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 6556 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe 560 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.674) = C:\Windows\System32\smartscreen.exe 11076 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 6820 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 5464 | [Owner : henry |Parent : 1572] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) 
- (10.0.15063.0) = C:\Windows\System32\taskhostw.exe 7896 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.15063.674) = C:\Windows\System32\SettingSyncHost.exe 8552 | [Owner : Système |Parent : 1000] - (.Apple Inc. - MobileDeviceService.) - (17.423.0.23) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 8924 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Reminders WinRT OOP Server.) - (10.0.15063.0) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe 5848 | [Owner : henry |Parent : 1572] - (.Microsoft Corporation - Notification d'emplacement.) - (10.0.15063.0) = C:\Windows\System32\LocationNotificationWindows.exe 3460 | [Owner : |Parent : 1000] - (.AVAST Software - Avast Service.) - (17.7.3660.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe 4296 | [Owner : |Parent : 1000] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.674) = C:\Windows\System32\SecurityHealthService.exe 8232 | [Owner : SERVICE LOCAL |Parent : 10024] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe 1128 | [Owner : LogonSessionId_0_17136688 |Parent : 1000] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.15063.608) = C:\Windows\System32\spoolsv.exe 3064 | [Owner : LogonSessionId_0_17171125 |Parent : 1000] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.15063.413) = C:\Windows\System32\SearchIndexer.exe 7668 | [Owner : Système |Parent : 1000] - (.Apple Inc. - MobileDeviceService.) - (17.423.0.23) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 8144 | [Owner : Système |Parent : 10720] - (.Microsoft Corporation - Usermode Font Driver Host.) 
- (10.0.15063.608) = C:\Windows\System32\fontdrvhost.exe 3968 | [Owner : henry |Parent : 2184] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe 1236 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 4432 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 4116 | [Owner : henry |Parent : 1572] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe 10680 | [Owner : henry |Parent : 7376] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.15063.674) = C:\Windows\explorer.exe 5000 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.15063.332) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 8704 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.15063.0) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 10396 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe 7752 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Reminders WinRT OOP Server.) - (10.0.15063.0) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe 5180 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.674) = C:\Windows\System32\smartscreen.exe 5132 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 1516 | [Owner : henry |Parent : 10680] - (.Microsoft Corporation - Windows Defender notification icon.) 
- (4.11.15063.0) = C:\Program Files\Windows Defender\MSASCuiL.exe 9860 | [Owner : henry |Parent : 10680] - (.Saitek - Saitek MFD File System Driver.) - (7.0.27.13) = C:\Program Files\SmartTechnology\Software\SaiMfd.exe 10136 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.15063.674) = C:\Windows\System32\SettingSyncHost.exe 7100 | [Owner : henry |Parent : 10680] - (.NVIDIA Corporation - NVIDIA Backend.) - (20.14.1.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 10296 | [Owner : henry |Parent : 10680] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6998.830) = C:\Users\henry\AppData\Local\Microsoft\OneDrive\OneDrive.exe 5128 | [Owner : henry |Parent : 10680] - (.PC Remote - PC Remote Server.) - (3.51.0.0) = C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe 8732 | [Owner : henry |Parent : 10680] - (.Hewlett-Packard Co. - ScanToPCActivationApp.) - (28.0.1315.0) = C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe 9404 | [Owner : henry |Parent : 10680] - (.Apple Inc. - iCloud Services.) - (63.0.0.52) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe 7140 | [Owner : henry |Parent : 10680] - (.Apple Inc. - iCloud Drive.) - (1.7.16.46) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe 4212 | [Owner : henry |Parent : 10680] - (.Apple Inc. - iCloud Photo Library.) - (139.0.0.1) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe 1888 | [Owner : henry |Parent : 2236] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.121.13) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 9844 | [Owner : henry |Parent : 712] - (.Apple Inc. - Apple Push.) 
- (2.7.6.52) = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 1624 | [Owner : henry |Parent : 9960] - (.Microsoft Corporation - Microsoft (r) Windows Based Script Host.) - (5.6.0.8820) = D:\henry\henryhost.exe 4600 | [Owner : henry |Parent : 712] - (.Apple, Inc. - Apple Security Manager.) - (102.0.0.70) = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe 10636 | [Owner : henry |Parent : 4160] - (.AsusTek - ASUS Smart Gesture Loader.) - (1.0.51.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe 8544 | [Owner : henry |Parent : 10636] - (.AsusTek - ASUS Smart Gesture Center.) - (1.0.0.87) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe 536 | [Owner : henry |Parent : 8544] - (.AsusTek - ASUS Smart Gesture Helper.) - (1.0.22.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe 10144 | [Owner : henry |Parent : 1888] - (.Oracle Corporation - Java Update Checker.) - (2.8.121.13) = C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe 4836 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Background Task Host.) - (10.0.15063.0) = C:\Windows\System32\backgroundTaskHost.exe 9240 | [Owner : henry |Parent : 1420] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.15063.0) = C:\Windows\SysWOW64\ctfmon.exe ¤¤¤¤¤¤¤¤¤¤ # Winlogon user ¤¤¤¤¤¤¤¤¤¤ # Winlogon machine ¤¤¤¤¤¤¤¤¤¤ # SafeBoot Safeboot Keys are O.K Alternate shell is OK ! 
¤¤¤¤¤¤¤¤¤¤ # IFEO ¤¤¤¤¤¤¤¤¤¤ # Mountpoints2 ¤¤¤¤¤¤¤¤¤¤ # Windows [HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon ¤¤¤¤¤¤¤¤¤¤ # Security center Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]~[EnableFirewall] : 0 -> 1 Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]~[EnableFirewall] : 0 -> 1 ¤¤¤¤¤¤¤¤¤¤ # Services Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2 Repaired :
[HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2 ¤¤¤¤¤¤¤¤¤¤ # Internet Explorer ¤¤¤¤¤¤¤¤¤¤ # reparsepoint ¤¤¤¤¤¤¤¤¤¤ # Offsets ¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4082129217-2318844860-861899141-1004\$IHJU2V7.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4082129217-2318844860-861899141-1004\$INYAQ4Y.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4082129217-2318844860-861899141-1004\$IXHM76V.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4082129217-2318844860-861899141-1004\$RHJU2V7.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4082129217-2318844860-861899141-1004\$RNYAQ4Y.exe Deleted : HKU\S-1-5-21-4082129217-2318844860-861899141-1004\Software\bunkus.org Deleted : HKLM\Software\WOW6432Node\lc0277 Moved to quarantine successfully : J:\syncguid.dat Moved to quarantine successfully : I:\syncguid.dat Moved to quarantine successfully : H:\syncguid.dat Moved to quarantine successfully : F:\syncguid.dat Moved to quarantine successfully : C:\252E.tmp Moved to quarantine successfully : C:\368.tmp Will be moved in quarantine at reboot : D:\msdownld.tmp Moved to quarantine successfully : C:\Users\henry\AppData\Roaming\PC Remote ¤¤¤¤¤¤¤¤¤¤ # ADS Prefetch -> cleaned ¤¤¤¤¤¤¤¤¤¤ | Hidden files ~ [Drive Z:] : Hidden : 394 | Restored : 394 ~ [Drive C:] : Hidden : 3 | Restored : 3 ~ [Program Files] : Hidden : 3 | Restored : 3 ~ [Users] : Hidden : 2 | Restored : 2 ~ [Music] : Hidden : 2 | Restored : 2 ~ [Documents] : Hidden : 3 | Restored : 3 ~ [Searches] : Hidden : 2 | Restored : 2 ~ [Windows] : Hidden : 67 | Restored : 60 ~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1 ~ [AppData] : Hidden : 15 | Restored : 15 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_13.10.17.2 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 19:26:00 10/13/2017 Updated 13/10/2017 | 18.15 by g3n-h@ckm@n Contact : 
http://www.sosvirus.net/ Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html [henry (Administrator)] - [PCTHIBAULT] SID = S-1-5-21-4082129217-2318844860-861899141-1004 Boot: Normal boot System : Windows 10 Pro (64 bits) Professional ProcessorNameString : Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz Identifier : Intel64 Family 6 Model 60 Stepping 3 CoreTemp : 39 Celsius - Max : 103 Celsius Memory RAM = Total (MB) : 8269 | Free (MB) : 6343 Pagefile = Total (MB) : 9580 | Free (MB) : 7614 Virtual = Total (MB) : 4194 | Free (MB) : 3925 ¤¤¤¤¤¤¤¤¤¤ # Components of starting up ¤¤¤¤¤¤¤¤¤¤¤ # Drives J:\-> [Removable] | [] | Total : 1.86 Go | Free : 0.3 Go -> FAT [USB] I:\-> [Fixed] | [FC+] | Total : 45.1 Go | Free : 5.23 Go -> NTFS [USB] H:\-> [Fixed] | [BACKUP ASUS] | Total : 45.1 Go | Free : 5.61 Go -> NTFS [USB] G:\-> [Removable] | [] | Total : 3.8 Go | Free : 3.8 Go -> FAT32 [USB] F:\-> [Fixed] | [FC STOCK] | Total : 841.31 Go | Free : 399.18 Go -> NTFS [USB] D:\-> [Fixed] | [Data] | Total : 537.8 Go | Free : 253.71 Go -> NTFS [SATA] C:\-> [Fixed] | [OS] | Total : 372.16 Go | Free : 48.14 Go -> NTFS [SATA] ¤¤¤¤¤¤¤¤¤¤ # Windows updates Windows Is Activated Windows Is Activated ¤¤¤¤¤¤¤¤¤¤ # Sessions C:\WINDOWS\system32\config\systemprofile C:\WINDOWS\ServiceProfiles\LocalService C:\WINDOWS\ServiceProfiles\NetworkService C:\Users\henry Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [13.10.2017 @ 19_25_03]) To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore ¤¤¤¤¤¤¤¤¤¤ # Browsers IE : 11.0.15063.608 (© Microsoft Corporation. Tous droits réservés.) GC : 61.0.3163.100 (Copyright 2016 Google Inc. All rights reserved.) 
¤¤¤¤¤¤¤¤¤¤ # FlashPlayer ActiveX : 27.0.0.130 ¤¤¤¤¤¤¤¤¤¤ # Security AV : Windows Defender Disabled FW : WMI : OK WU: Windows Update Service [Auto(2)] = Running AS: Windows Defender [Auto(2)] = stopped FW: Windows FireWall Service [Auto(2)] = Running ¤¤¤¤¤¤¤¤¤¤ # Stopped processes 1132 | [Owner : |Parent : 1000] - (.NVIDIA Corporation - NVIDIA Driver Helper Service, Version 369.09.) - (8.17.13.6909) = C:\Windows\System32\nvvsvc.exe 2288 | [Owner : |Parent : 1132] - (.NVIDIA Corporation - NVIDIA User Experience Driver Component.) - (8.17.13.6909) = C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe 2404 | [Owner : |Parent : 1000] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4549) = C:\Windows\System32\igfxCUIService.exe 3452 | [Owner : |Parent : 1000] - (.ASUSTek Computer Inc. - ASLDR Service.) - (1.0.81.2) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe 3460 | [Owner : |Parent : 1000] - (.AVAST Software - Avast Service.) - (17.7.3660.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe 3476 | [Owner : Système |Parent : 1000] - (.ASUS - GFNEXSrv.) - (1.0.11.1) = C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 3844 | [Owner : LogonSessionId_0_165958 |Parent : 1000] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.15063.608) = C:\Windows\System32\spoolsv.exe 3992 | [Owner : Système |Parent : 1000] - (.Apple Inc. - MobileDeviceService.) - (17.423.0.23) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 4004 | [Owner : Système |Parent : 1000] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe 4028 | [Owner : Système |Parent : 1000] - (.NVIDIA Corporation - NVIDIA GeForce ExperienceService.) - (2.9.1.22) = C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe 4044 | [Owner : Système |Parent : 1000] - (.NVIDIA Corporation - NVIDIA Network Service.)
- (2.4.13.69) = C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe 4036 | [Owner : Système |Parent : 1000] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.824.23.7067) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 4296 | [Owner : |Parent : 1000] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.674) = C:\Windows\System32\SecurityHealthService.exe 6640 | [Owner : Système |Parent : 3452] - (.ASUSTek Computer Inc. - HControl.) - (1.0.83.4) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe 6700 | [Owner : henry |Parent : 2184] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe 6720 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 6744 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 7052 | [Owner : henry |Parent : 1572] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe 7156 | [Owner : LogonSessionId_0_347446 |Parent : 1000] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8795) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe 6520 | [Owner : Système |Parent : 6640] - (.ASUSTek Computer Inc. - KBFiltr.) - (1.0.67.1) = C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe 7480 | [Owner : henry |Parent : 7456] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.15063.674) = C:\Windows\explorer.exe 7732 | [Owner : henry |Parent : 7032] - (.ASUSTek Computer Inc. - ATK Media.) - (2.0.19.3) = C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe 7728 | [Owner : henry |Parent : 6912] - (.ASUSTek Computer Inc. - ATKOSD2.) 
- (7.0.31.1) = C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe 7972 | [Owner : henry |Parent : 7912] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4549) = C:\Windows\System32\igfxEM.exe 8000 | [Owner : henry |Parent : 7912] - (.Intel Corporation - igfxHK Module.) - (6.15.10.4549) = C:\Windows\System32\igfxHK.exe 8024 | [Owner : henry |Parent : 7912] - (. - .) - (0.0.0.0) = C:\Windows\System32\igfxTray.exe 1416 | [Owner : LogonSessionId_0_437463 |Parent : 1000] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.15063.413) = C:\Windows\System32\SearchIndexer.exe 1420 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.15063.0) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 8364 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe 8668 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 9188 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.15063.674) = C:\Windows\System32\SettingSyncHost.exe 5192 | [Owner : henry |Parent : 2288] - (.NVIDIA Corporation - NVIDIA Settings.) - (7.17.13.6909) = C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 8816 | [Owner : henry |Parent : 5192] - (.NVIDIA Corporation - NVIDIA Backend.) - (20.14.1.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 7452 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Reminders WinRT OOP Server.) - (10.0.15063.0) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe 2748 | [Owner : henry |Parent : 7480] - (.Microsoft Corporation - Windows Defender notification icon.) 
- (4.11.15063.0) = C:\Program Files\Windows Defender\MSASCuiL.exe 7540 | [Owner : henry |Parent : 7480] - (.Saitek - Saitek MFD File System Driver.) - (7.0.27.13) = C:\Program Files\SmartTechnology\Software\SaiMfd.exe 3364 | [Owner : henry |Parent : 7480] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6998.830) = C:\Users\henry\AppData\Local\Microsoft\OneDrive\OneDrive.exe 3544 | [Owner : henry |Parent : 7480] - (.PC Remote - PC Remote Server.) - (3.51.0.0) = C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe 9240 | [Owner : henry |Parent : 7480] - (.Hewlett-Packard Co. - ScanToPCActivationApp.) - (28.0.1315.0) = C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe 9352 | [Owner : henry |Parent : 7480] - (.Apple Inc. - iCloud Services.) - (63.0.0.52) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe 9372 | [Owner : henry |Parent : 7480] - (.Apple Inc. - iCloud Drive.) - (1.7.16.46) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe 9444 | [Owner : henry |Parent : 7480] - (.Apple Inc. - iCloud Photo Library.) - (139.0.0.1) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe 9704 | [Owner : henry |Parent : 9508] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.121.13) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 7116 | [Owner : henry |Parent : 712] - (.Apple Inc. - Apple Push.) - (2.7.6.52) = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 9140 | [Owner : henry |Parent : 712] - (.Apple, Inc. - Apple Security Manager.) - (102.0.0.70) = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe 6036 | [Owner : henry |Parent : 9800] - (.Microsoft Corporation - Microsoft (r) Windows Based Script Host.) - (5.6.0.8820) = D:\henry\henryhost.exe 10544 | [Owner : henry |Parent : 7436] - (.AsusTek - ASUS Smart Gesture Loader.) 
- (1.0.51.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe 10340 | [Owner : henry |Parent : 10544] - (.AsusTek - ASUS Smart Gesture Center.) - (1.0.0.87) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe 5368 | [Owner : henry |Parent : 10340] - (.AsusTek - ASUS Smart Gesture Helper.) - (1.0.22.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe 8208 | [Owner : henry |Parent : 9704] - (.Oracle Corporation - Java Update Checker.) - (2.8.121.13) = C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe 8628 | [Owner : henry |Parent : 7480] - (.Google Inc. - Google Chrome.) - (61.0.3163.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 408 | [Owner : henry |Parent : 8628] - (.Google Inc. - Google Chrome.) - (61.0.3163.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 9884 | [Owner : henry |Parent : 8628] - (.Google Inc. - Google Chrome.) - (61.0.3163.100) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 10120 | [Owner : SERVICE LOCAL |Parent : 10024] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe 9344 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.674) = C:\Windows\System32\smartscreen.exe 9668 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.15063.332) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 9196 | [Owner : henry |Parent : 4144] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.15063.0) = C:\Windows\SysWOW64\ctfmon.exe 3460 | [Owner : |Parent : 1000] - (.AVAST Software - Avast Service.) - (17.7.3660.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe 4296 | [Owner : |Parent : 1000] - (.Microsoft Corporation - Windows Security Health Service.) 
- (4.11.15063.674) = C:\Windows\System32\SecurityHealthService.exe 9400 | [Owner : henry |Parent : 2184] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe 5396 | [Owner : LogonSessionId_0_15857486 |Parent : 1000] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8795) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe 1216 | [Owner : SERVICE LOCAL |Parent : 10024] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe 8428 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 4628 | [Owner : LogonSessionId_0_15877934 |Parent : 1000] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.15063.608) = C:\Windows\System32\spoolsv.exe 4212 | [Owner : henry |Parent : 9400] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.15063.674) = C:\Windows\explorer.exe 10688 | [Owner : LogonSessionId_0_15914668 |Parent : 1000] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.15063.413) = C:\Windows\System32\SearchIndexer.exe 9392 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.15063.332) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 6556 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe 560 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.674) = C:\Windows\System32\smartscreen.exe 11076 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.15063.0) = C:\Windows\System32\svchost.exe 6820 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 5464 | [Owner : henry |Parent : 1572] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe 7896 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.15063.674) = C:\Windows\System32\SettingSyncHost.exe 8552 | [Owner : Système |Parent : 1000] - (.Apple Inc. - MobileDeviceService.) - (17.423.0.23) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 8924 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Reminders WinRT OOP Server.) - (10.0.15063.0) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe 5848 | [Owner : henry |Parent : 1572] - (.Microsoft Corporation - Notification d'emplacement.) - (10.0.15063.0) = C:\Windows\System32\LocationNotificationWindows.exe 3460 | [Owner : |Parent : 1000] - (.AVAST Software - Avast Service.) - (17.7.3660.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe 4296 | [Owner : |Parent : 1000] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.674) = C:\Windows\System32\SecurityHealthService.exe 8232 | [Owner : SERVICE LOCAL |Parent : 10024] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe 1128 | [Owner : LogonSessionId_0_17136688 |Parent : 1000] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.15063.608) = C:\Windows\System32\spoolsv.exe 3064 | [Owner : LogonSessionId_0_17171125 |Parent : 1000] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) 
- (7.0.15063.413) = C:\Windows\System32\SearchIndexer.exe 7668 | [Owner : Système |Parent : 1000] - (.Apple Inc. - MobileDeviceService.) - (17.423.0.23) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 8144 | [Owner : Système |Parent : 10720] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.608) = C:\Windows\System32\fontdrvhost.exe 3968 | [Owner : henry |Parent : 2184] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe 1236 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 4432 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 4116 | [Owner : henry |Parent : 1572] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe 10680 | [Owner : henry |Parent : 7376] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.15063.674) = C:\Windows\explorer.exe 5000 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.15063.332) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 8704 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.15063.0) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 10396 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe 7752 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Reminders WinRT OOP Server.) - (10.0.15063.0) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe 5180 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - SmartScreen.) 
- (10.0.15063.674) = C:\Windows\System32\smartscreen.exe 5132 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 1516 | [Owner : henry |Parent : 10680] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MSASCuiL.exe 9860 | [Owner : henry |Parent : 10680] - (.Saitek - Saitek MFD File System Driver.) - (7.0.27.13) = C:\Program Files\SmartTechnology\Software\SaiMfd.exe 10136 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.15063.674) = C:\Windows\System32\SettingSyncHost.exe 7100 | [Owner : henry |Parent : 10680] - (.NVIDIA Corporation - NVIDIA Backend.) - (20.14.1.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 10296 | [Owner : henry |Parent : 10680] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6998.830) = C:\Users\henry\AppData\Local\Microsoft\OneDrive\OneDrive.exe 5128 | [Owner : henry |Parent : 10680] - (.PC Remote - PC Remote Server.) - (3.51.0.0) = C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe 8732 | [Owner : henry |Parent : 10680] - (.Hewlett-Packard Co. - ScanToPCActivationApp.) - (28.0.1315.0) = C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe 9404 | [Owner : henry |Parent : 10680] - (.Apple Inc. - iCloud Services.) - (63.0.0.52) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe 7140 | [Owner : henry |Parent : 10680] - (.Apple Inc. - iCloud Drive.) - (1.7.16.46) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe 4212 | [Owner : henry |Parent : 10680] - (.Apple Inc. - iCloud Photo Library.) - (139.0.0.1) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe 1888 | [Owner : henry |Parent : 2236] - (.Oracle Corporation - Java Update Scheduler.) 
- (2.8.121.13) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 9844 | [Owner : henry |Parent : 712] - (.Apple Inc. - Apple Push.) - (2.7.6.52) = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 1624 | [Owner : henry |Parent : 9960] - (.Microsoft Corporation - Microsoft (r) Windows Based Script Host.) - (5.6.0.8820) = D:\henry\henryhost.exe 4600 | [Owner : henry |Parent : 712] - (.Apple, Inc. - Apple Security Manager.) - (102.0.0.70) = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe 10636 | [Owner : henry |Parent : 4160] - (.AsusTek - ASUS Smart Gesture Loader.) - (1.0.51.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe 8544 | [Owner : henry |Parent : 10636] - (.AsusTek - ASUS Smart Gesture Center.) - (1.0.0.87) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe 536 | [Owner : henry |Parent : 8544] - (.AsusTek - ASUS Smart Gesture Helper.) - (1.0.22.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe 10144 | [Owner : henry |Parent : 1888] - (.Oracle Corporation - Java Update Checker.) - (2.8.121.13) = C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe 4836 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Background Task Host.) - (10.0.15063.0) = C:\Windows\System32\backgroundTaskHost.exe 9240 | [Owner : henry |Parent : 1420] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.15063.0) = C:\Windows\SysWOW64\ctfmon.exe 3460 | [Owner : |Parent : 1000] - (.AVAST Software - Avast Service.) - (17.7.3660.0) = C:\Program Files\AVAST Software\Avast\AvastSvc.exe 4296 | [Owner : |Parent : 1000] - (.Microsoft Corporation - Windows Security Health Service.) 
- (4.11.15063.674) = C:\Windows\System32\SecurityHealthService.exe 7492 | [Owner : SERVICE LOCAL |Parent : 10024] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe 10208 | [Owner : LogonSessionId_0_32357197 |Parent : 1000] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.15063.413) = C:\Windows\System32\SearchIndexer.exe 11052 | [Owner : Système |Parent : 1000] - (.Apple Inc. - MobileDeviceService.) - (17.423.0.23) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 5000 | [Owner : Système |Parent : 7488] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.608) = C:\Windows\System32\fontdrvhost.exe 5932 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 10816 | [Owner : henry |Parent : 2184] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe 10176 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 2864 | [Owner : henry |Parent : 1572] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe 10464 | [Owner : henry |Parent : 8968] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.15063.674) = C:\Windows\explorer.exe 8804 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.15063.0) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 228 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Search and Cortana application.) 
- (10.0.15063.332) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 8640 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe 5796 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Reminders WinRT OOP Server.) - (10.0.15063.0) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe 8920 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.15063.674) = C:\Windows\System32\SettingSyncHost.exe 3660 | [Owner : henry |Parent : 6812] - (.AsusTek - ASUS Smart Gesture Loader.) - (1.0.51.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe 10580 | [Owner : henry |Parent : 10464] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MSASCuiL.exe 3164 | [Owner : henry |Parent : 3660] - (.AsusTek - ASUS Smart Gesture Center.) - (1.0.0.87) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe 3584 | [Owner : henry |Parent : 10464] - (.Saitek - Saitek MFD File System Driver.) - (7.0.27.13) = C:\Program Files\SmartTechnology\Software\SaiMfd.exe 10140 | [Owner : henry |Parent : 10464] - (.NVIDIA Corporation - NVIDIA Backend.) - (20.14.1.0) = C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe 6224 | [Owner : henry |Parent : 3164] - (.AsusTek - ASUS Smart Gesture Helper.) - (1.0.22.0) = C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe 4864 | [Owner : henry |Parent : 10464] - (.Microsoft Corporation - Microsoft OneDrive.) - (17.3.6998.830) = C:\Users\henry\AppData\Local\Microsoft\OneDrive\OneDrive.exe 7828 | [Owner : henry |Parent : 10464] - (.PC Remote - PC Remote Server.) - (3.51.0.0) = C:\Program Files (x86)\PC Remote\PC Remote\PCRemote.exe 1040 | [Owner : henry |Parent : 10464] - (.Hewlett-Packard Co. 
- ScanToPCActivationApp.) - (28.0.1315.0) = C:\Program Files\HP\HP Photosmart Plus B210 series\Bin\ScanToPCActivationApp.exe 7164 | [Owner : henry |Parent : 10464] - (.Apple Inc. - iCloud Services.) - (63.0.0.52) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe 10536 | [Owner : henry |Parent : 10464] - (.Apple Inc. - iCloud Drive.) - (1.7.16.46) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe 9044 | [Owner : henry |Parent : 10464] - (.Apple Inc. - iCloud Photo Library.) - (139.0.0.1) = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudPhotos.exe 1976 | [Owner : henry |Parent : 7644] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.121.13) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 9372 | [Owner : henry |Parent : 712] - (.Apple Inc. - Apple Push.) - (2.7.6.52) = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe 7136 | [Owner : henry |Parent : 712] - (.Apple, Inc. - Apple Security Manager.) - (102.0.0.70) = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe 1436 | [Owner : henry |Parent : 10576] - (.Microsoft Corporation - Microsoft (r) Windows Based Script Host.) - (5.6.0.8820) = D:\henry\henryhost.exe 7992 | [Owner : Système |Parent : 1000] - (.NVIDIA Corporation - NVIDIA Network Service.) - (2.4.13.69) = C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe 1428 | [Owner : henry |Parent : 1000] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe 11204 | [Owner : henry |Parent : 1976] - (.Oracle Corporation - Java Update Checker.) - (2.8.121.13) = C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe 7204 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Application Frame Host.) 
- (10.0.15063.0) = C:\Windows\System32\ApplicationFrameHost.exe 568 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Store.) - (11708.1001.30.0) = C:\Program Files\WindowsApps\Microsoft.WindowsStore_11708.1001.30.0_x64__8wekyb3d8bbwe\WinStore.App.exe 9136 | [Owner : henry |Parent : 712] - (. - .) - (2017.39081.15820.0) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39081.15820.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 10796 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Paramètres.) - (10.0.15063.502) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe 6916 | [Owner : henry |Parent : 712] - (. - .) - (10.1709.1709.27003) = C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1709.2703.0_x64__8wekyb3d8bbwe\Calculator.exe 11100 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - Background Task Host.) - (10.0.15063.0) = C:\Windows\System32\backgroundTaskHost.exe 10376 | [Owner : henry |Parent : 712] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.674) = C:\Windows\System32\smartscreen.exe ¤¤¤¤¤¤¤¤¤¤ # Winlogon user ¤¤¤¤¤¤¤¤¤¤ # Winlogon machine ¤¤¤¤¤¤¤¤¤¤ # SafeBoot Safeboot Keys are O.K Alternate shell is OK ! 
¤¤¤¤¤¤¤¤¤¤ # IFEO ¤¤¤¤¤¤¤¤¤¤ # Mountpoints2 ¤¤¤¤¤¤¤¤¤¤ # Windows [HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon ¤¤¤¤¤¤¤¤¤¤ # Security center ¤¤¤¤¤¤¤¤¤¤ # Services Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2 ¤¤¤¤¤¤¤¤¤¤ # Internet Explorer ¤¤¤¤¤¤¤¤¤¤ # reparsepoint ¤¤¤¤¤¤¤¤¤¤ # Offsets ¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry Will be moved in quarantine at reboot : D:\msdownld.tmp Moved to quarantine successfully : C:\Users\henry\AppData\Roaming\PC Remote ¤¤¤¤¤¤¤¤¤¤ # ADS Prefetch -> cleaned ¤¤¤¤¤¤¤¤¤¤ | Hidden files ~ [Drive C:] : Hidden : 2 | Restored : 2 ~ [Windows] : Hidden : 8 | Restored : 1