¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_16.10.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 20:25:46 12/17/2017
Updated 16/10/2017 | 14.45 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[Homer (Administrator)] - [DESKTOP-JFM80M4]
SID = S-1-5-21-1156329455-2891013897-2829761496-1001
Boot: Normal boot
System : Windows 10 Home (64 bits) Core
ProcessorNameString : Pentium(R) Dual-Core CPU E5700 @ 3.00GHz
Identifier : Intel64 Family 6 Model 23 Stepping 10
CoreTemp : -1 Celsius - Max : Celsius
Memory
RAM = Total (MB) : 4194 | Free (MB) : 2733
Pagefile = Total (MB) : 4914 | Free (MB) : 3488
Virtual = Total (MB) : 4194 | Free (MB) : 3932

¤¤¤¤¤¤¤¤¤¤ # Components of starting up
C:\WINDOWS\Setup\Scripts\setupcomplete.cmd

¤¤¤¤¤¤¤¤¤¤¤ # Drives
E:\-> [Fixed] | [] | Total : 344.99 Go | Free : 313.02 Go -> NTFS [SATA]
D:\-> [Fixed] | [] | Total : 293.26 Go | Free : 290.79 Go -> NTFS [SATA]
C:\-> [Fixed] | [] | Total : 292.77 Go | Free : 238.47 Go -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates
Windows Is Activated Windows Is Activated Possible Fixed Windows

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\WINDOWS\system32\config\systemprofile
C:\WINDOWS\ServiceProfiles\LocalService
C:\WINDOWS\ServiceProfiles\NetworkService
C:\Users\defaultuser0
C:\Users\Homer

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [17.12.2017 @ 20_24_45])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.15063.608 (© Microsoft Corporation. Alle Rechte vorbehalten.)
GC : 63.0.3239.84 (Copyright 2016 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 28.0.0.126
Plugin : 28.0.0.126

¤¤¤¤¤¤¤¤¤¤ # Security
AV : Windows Defender Enabled
AS : Windows Defender Enabled
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
1088 | [Owner : |Parent : 616] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe
1676 | [Owner : |Parent : 616] - (.Microsoft Corporation - Spoolersubsystem-Anwendung.) - (10.0.15063.608) = C:\Windows\System32\spoolsv.exe
2488 | [Owner : |Parent : 616] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.674) = C:\Windows\System32\SecurityHealthService.exe
2616 | [Owner : |Parent : 616] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.12.17007.17123) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\MsMpEng.exe
2848 | [Owner : Lokaler Dienst |Parent : 2312] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.15063.0) = C:\Windows\System32\dasHost.exe
2884 | [Owner : Administratoren |Parent : 616] - (.Microsoft Corporation - Microsoft Office Click-to-Run (SxS).) - (16.0.8730.2127) = C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
3464 | [Owner : Administratoren |Parent : 616] - (.Microvirt Software Technology Co. Ltd. - MEmu Service.) - (3.0.0.0) = D:\Program Files\Microvirt\MEmu\MemuService.exe
4672 | [Owner : |Parent : 616] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.12.17007.17123) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.12.17007.17123-0\NisSrv.exe
4480 | [Owner : LogonSessionId_0_1017846 |Parent : 616] - (.Microsoft Corporation - Microsoft Windows Search-Indexerstellung.) - (7.0.15063.413) = C:\Windows\System32\SearchIndexer.exe
2648 | [Owner : SYSTEM |Parent : 5112] - (.Google Inc. - Google Crash Handler.) - (1.3.33.7) = C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler.exe
6232 | [Owner : SYSTEM |Parent : 5112] - (.Google Inc. - Google Crash Handler.) - (1.3.33.7) = C:\Program Files (x86)\Google\Update\1.3.33.7\GoogleCrashHandler64.exe
4356 | [Owner : SYSTEM |Parent : 7980] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.608) = C:\Windows\System32\fontdrvhost.exe
7384 | [Owner : Administratoren |Parent : 1088] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe
7988 | [Owner : Lokaler Dienst |Parent : 1136] - (.Microsoft Corporation - Windows Driver Foundation - Benutzermodus-Treiberframework-Hostprozess.) - (10.0.15063.0) = C:\Windows\System32\WUDFHost.exe
5720 | [Owner : Homer |Parent : 616] - (.Microsoft Corporation - Hostprozess für Windows-Dienste.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
4328 | [Owner : Homer |Parent : 1976] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe
8836 | [Owner : Homer |Parent : 616] - (.Microsoft Corporation - Hostprozess für Windows-Dienste.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
796 | [Owner : Homer |Parent : 840] - (.Microsoft Corporation - Windows-Hostprozess (Rundll32).) - (10.0.15063.0) = C:\Windows\System32\rundll32.exe
2708 | [Owner : Homer |Parent : 8716] - (.Microsoft Corporation - Windows-Explorer.) - (10.0.15063.674) = C:\Windows\explorer.exe
5340 | [Owner : Homer |Parent : 1356] - (.Microsoft Corporation - Hostprozess für Windows-Aufgaben.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe
7104 | [Owner : Homer |Parent : 840] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.15063.0) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
8632 | [Owner : Homer |Parent : 840] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.15063.332) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
9064 | [Owner : Homer |Parent : 840] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe
6964 | [Owner : Homer |Parent : 2708] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.11.15063.0) = C:\Program Files\Windows Defender\MSASCuiL.exe
8832 | [Owner : Homer |Parent : 2708] - (.Skype Technologies S.A. - Skype .) - (7.40.0.104) = C:\Program Files (x86)\Skype\Phone\Skype.exe
8620 | [Owner : Administratoren |Parent : 6584] - (.Piriform Ltd - CCleaner.) - (5.32.0.6129) = C:\Program Files\CCleaner\CCleaner64.exe
5152 | [Owner : Homer |Parent : 616] - (.Microsoft Corporation - Hostprozess für Windows-Dienste.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
6108 | [Owner : Homer |Parent : 840] - (.Microsoft Corporation - Application Frame Host.) - (10.0.15063.0) = C:\Windows\System32\ApplicationFrameHost.exe
6832 | [Owner : Homer |Parent : 840] - (. - .) - (2017.39101.16720.0) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.39101.16720.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
6844 | [Owner : Homer |Parent : 840] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.674) = C:\Windows\System32\smartscreen.exe
9100 | [Owner : SYSTEM |Parent : 4480] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.15063.447) = C:\Windows\System32\SearchProtocolHost.exe
3904 | [Owner : SYSTEM |Parent : 4480] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.15063.0) = C:\Windows\System32\SearchFilterHost.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : C:\WINDOWS\system32\userinit.exe, -> C:\WINDOWS\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center
Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\WINDOWS\System32\ActionCenter.dll

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry

¤¤¤¤¤¤¤¤¤¤ # ADS
Prefetch -> cleaned

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive Z:] : Hidden : 1 | Restored : 1
~ [Drive C:] : Hidden : 4 | Restored : 4
~ [Program Files] : Hidden : 2 | Restored : 2
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 3 | Restored : 3
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 59 | Restored : 58
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 8 | Restored : 8

End : 21:04:49
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤