¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_16.10.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 16:50:57 03/12/2018
Updated 16/10/2017 | 14.45 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[jean- (Administrator)] - [DESKTOP-37KC94K]
SID = S-1-5-21-4265624635-2019933758-61733912-1001
Boot: SafeMode with network
System : Windows 10 Home (64 bits) Core
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius
Memory RAM = Total (MB) : 3748 | Free (MB) : 2616
Pagefile = Total (MB) : 4272 | Free (MB) : 3391
Virtual = Total (MB) : 4194 | Free (MB) : 3896

¤¤¤¤¤¤¤¤¤¤ # Components of starting up
C:\WINDOWS\Setup\Scripts\setupcomplete.cmd

¤¤¤¤¤¤¤¤¤¤¤ # Drives
T:\-> [CDROM] | [DTVP30] | Total : 0.02 Go | Free : 0 Go -> CDFS [USB]
S:\-> [Removable] | [samsung fit] | Total : 119.5 Go | Free : 118.38 Go -> NTFS [USB]
R:\-> [Removable] | [FRAMA SALIX] | Total : 1.86 Go | Free : 1.86 Go -> FAT32 [USB]
Q:\-> [Removable] | [windows to go 1] | Total : 57.66 Go | Free : 57.34 Go -> NTFS [USB]
P:\-> [Removable] | [COMPANION wintobootic] | Total : 30.03 Go | Free : 3.15 Go -> NTFS [USB]
M:\-> [Removable] | [FLASHAIR SD] | Total : 14.41 Go | Free : 13.35 Go -> FAT32 [USB]
L:\-> [Removable] | [SFCE XFCE] | Total : 115.66 Go | Free : 112.63 Go -> FAT32 [USB]
K:\-> [Removable] | [FRAMA SALIX] | Total : 14.53 Go | Free : 14.53 Go -> FAT32 [USB]
J:\-> [Removable] | [FOLD-ISARDU] | Total : 14.9 Go | Free : 11.87 Go -> FAT32 [USB]
H:\-> [Removable] | [UBUNTU MATE] | Total : 14.42 Go | Free : 7.13 Go -> FAT32 [USB]
G:\-> [Removable] | [montre espi] | Total : 7.32 Go | Free : 1.47 Go -> FAT32 [USB]
D:\-> [Fixed] | [image eassos & makeupdirector 3] | Total : 718.5 Go | Free : 716.89 Go -> NTFS [SATA]
C:\-> [Fixed] | [OS] | Total : 211.76 Go | Free : 44.77 Go -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\WINDOWS\system32\config\systemprofile
C:\WINDOWS\ServiceProfiles\LocalService
C:\WINDOWS\ServiceProfiles\NetworkService
C:\Users\jean-
C:\Users\MSSQL$ADK

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [12.03.2018 @ 16_36_56])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.16299.15 (© Microsoft Corporation.)
GC : 64.0.3282.186 (Copyright 2017 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 28.0.0.161
Plugin : 28.0.0.161

¤¤¤¤¤¤¤¤¤¤ # Security
AV : Panda Dome Disabled
AM : Malwarebytes Anti-Malware (2.3.173.0) []
FW : Panda Firewall Disabled
WMI : OK
WU: Windows Update Service [Auto(2)] = stopped
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
928 | [Owner : UMFD-1 |Parent : 780] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.16299.192) = C:\Windows\System32\fontdrvhost.exe
936 | [Owner : UMFD-0 |Parent : 688] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.16299.192) = C:\Windows\System32\fontdrvhost.exe
1064 | [Owner : jean- |Parent : 1260] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.16299.15) = C:\Windows\System32\sihost.exe
2344 | [Owner : jean- |Parent : 1012] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.16299.15) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
2704 | [Owner : jean- |Parent : 1936] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\EaseUS EverySync\bin\EaseUSEverySyncCache.exe
2784 | [Owner : jean- |Parent : 1012] - (.Microsoft Corporation - Aide et support Microsoft.) - (10.0.16299.15) = C:\Windows\HelpPane.exe
2860 | [Owner : jean- |Parent : 1012] - (.Microsoft Corporation - Application Frame Host.) - (10.0.16299.15) = C:\Windows\System32\ApplicationFrameHost.exe
3588 | [Owner : jean- |Parent : 3556] - (.Microsoft Corporation - Gestionnaire des tâches.) - (10.0.16299.248) = C:\Windows\System32\Taskmgr.exe
3492 | [Owner : jean- |Parent : 1012] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.16299.15) = C:\Windows\System32\rundll32.exe
3032 | [Owner : jean- |Parent : 1012] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.16299.15) = C:\Windows\System32\rundll32.exe
4808 | [Owner : jean- |Parent : 1372] - (.Microsoft Corporation - Bloc-notes.) - (10.0.16299.15) = C:\Windows\SysWOW64\notepad.exe
4888 | [Owner : jean- |Parent : 1012] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.16299.15) = C:\Windows\System32\rundll32.exe
2928 | [Owner : jean- |Parent : 3584] - (.CHENGDU Yiwo Tech Development Co., Ltd. - Todo PCTrans.) - (1.0.0.1) = C:\Program Files (x86)\EaseUS\EaseUS Todo PCTrans\bin\PCTrans.exe
4940 | [Owner : jean- |Parent : 3588] - (.IObit - Advanced SystemCare 11.) - (11.2.0.212) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
2716 | [Owner : jean- |Parent : 4940] - (.IObit - Advanced SystemCare Tray.) - (11.0.0.377) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
2156 | [Owner : jean- |Parent : 4048] - (.Piriform Ltd - CCleaner.) - (5.40.115.6411) = C:\Program Files\CCleaner\CCleaner64.exe
5172 | [Owner : jean- |Parent : 3588] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) - (10.7.1.340) = C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2
Content of M:\AUTORUN.INF :
Content of L:\AUTORUN.INF :
Content of J:\AUTORUN.INF :
Content of H:\AUTORUN.INF :
Content of G:\AUTORUN.INF :

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]~[] : @SYS:DoesNotExist
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 4 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Deleted : HKU\S-1-5-18\Software\Nico Mak Computing
Deleted : HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\3ivx
Deleted : HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\Nico Mak Computing
Deleted : HKLM\Software\WOW6432Node\Nico Mak Computing
Will be moved in quarantine at reboot : C:\ProgramData\SharewareOnSale Notifier

¤¤¤¤¤¤¤¤¤¤ # ADS
Prefetch -> cleaned
G:\ : Impossible to vaccinate
H:\ : Impossible to vaccinate
J:\ : Impossible to vaccinate
L:\ : Impossible to vaccinate
M:\ : Impossible to vaccinate

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive Z:] : Hidden : 5 | Restored : 5
~ [Drive C:] : Hidden : 1 | Restored : 1
~ [Program Files] : Hidden : 271 | Restored : 271
~ [Desktop] : Hidden : 1 | Restored : 1
~ [Windows] : Hidden : 9 | Restored : 8
~ [AppData] : Hidden : 2 | Restored : 2

End : 18:32:01
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤