¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_16.10.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 23:20:03 12/08/2018
Updated 16/10/2017 | 14.45 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html
[acer (Administrator)] - [ACER-PC]
SID = S-1-5-21-898282021-3541179277-2100125183-1000
Boot: Normal boot
System : Windows 7 Professional (32 bits) Professional
ProcessorNameString : Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Identifier : x86 Family 6 Model 42 Stepping 7
CoreTemp : -1 Celsius - Max : Celsius
Memory RAM = Total (MB) : 2734 | Free (MB) : 1579
Pagefile = Total (MB) : 5466 | Free (MB) : 4467
Virtual = Total (MB) : 2097 | Free (MB) : 1911

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

¤¤¤¤¤¤¤¤¤¤¤ # Drives
E:\-> [Fixed] | [Mus] | Total : 185.64 Go | Free : 113.54 Go -> NTFS [SATA]
C:\-> [Fixed] | [] | Total : 279.26 Go | Free : 189.93 Go -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates
Last detection : 2018-12-07 00:53:18
Downloaded last ones : 2018-12-07 10:03:35
Installed last ones : 2017-05-27 15:02:36
Windows Is Activated
Service Pack 1 not installed !!!

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\acer
C:\Users\Invité
Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [08.12.2018 @ 23_17_28])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 9.0.8112.16450 (© Microsoft Corporation.)
FF : 63.0.1.6877 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 71.0.3578.80 (Copyright 2017 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
Plugin : 32.0.0.101

¤¤¤¤¤¤¤¤¤¤ # Security
AS : Windows Defender Disabled
FW : ESET Pare-feu Enabled
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
1500 | [Owner : Système |Parent : 1020] - (.Microsoft Corporation - Infrastructure d’extensibilité pour les services réseau Windows sans fil 802.11.) - (6.1.7600.16385) = C:\Windows\System32\wlanext.exe
1604 | [Owner : Système |Parent : 676] - (.Microsoft Corporation - Application sous-système spouleur.) - (6.1.7600.16962) = C:\Windows\System32\spoolsv.exe
1860 | [Owner : Système |Parent : 676] - (.Atheros Commnucations - AdminService Application.) - (7.4.0.96) = C:\Program Files\Bluetooth Suite\AdminService.exe
1900 | [Owner : Système |Parent : 676] - (.Apple Inc. - Bonjour Service.) - (3.0.0.10) = C:\Program Files\Bonjour\mDNSResponder.exe
1928 | [Owner : Système |Parent : 676] - (.Dritek System Inc. - Dritek WMI Service.) - (3.6.0.2308) = C:\Program Files\Launch Manager\dsiwmis.exe
1976 | [Owner : Système |Parent : 676] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Event Log Service.) - (14.1.1.7) = C:\Program Files\Intel\WiFi\bin\EvtEng.exe
1984 | [Owner : Système |Parent : 1928] - (.Dritek System Inc. - Launch Manager utility process.) - (1.4.0.2308) = C:\Program Files\Launch Manager\LMutilps32.exe
552 | [Owner : acer |Parent : 1068] - (.Microsoft Corporation - Moteur du Planificateur de tâches.) - (6.1.7600.16699) = C:\Windows\System32\taskeng.exe
1076 | [Owner : acer |Parent : 676] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (6.1.7600.16385) = C:\Windows\System32\taskhost.exe
1784 | [Owner : acer |Parent : 1440] - (.Microsoft Corporation - Explorateur Windows.) - (6.1.7600.16768) = C:\Windows\explorer.exe
1360 | [Owner : Système |Parent : 676] - (.Freemake - FreemakeUtilsService.) - (1.0.0.0) = C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
2072 | [Owner : acer |Parent : 552] - (.Smadsoft - Smadav USB Antivirus & Additional Protection.) - (4.123.0.1) = C:\Program Files\SMADAV\SMΔRTP.exe
2276 | [Owner : acer |Parent : 1784] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.723) = C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
2284 | [Owner : acer |Parent : 1784] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.75) = C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe
2292 | [Owner : acer |Parent : 1784] - (.Dolby Laboratories Inc. - Dolby Profile Selector.) - (7.2.7000.7) = C:\Dolby PCEE4\pcee4.exe
2300 | [Owner : acer |Parent : 1784] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Framework.) - (14.1.1.0) = C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
2312 | [Owner : acer |Parent : 1784] - (.ELAN Microelectronics Corp. - ETD Control Center.) - (8.2.0.18) = C:\Program Files\Elantech\ETDCtrl.exe
2332 | [Owner : acer |Parent : 1784] - (.Renesas Electronics Corporation - USB 3.0 Monitor.) - (2.0.28.0) = C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
2344 | [Owner : acer |Parent : 1784] - (.Intel Corporation - igfxTray Module.) - (8.15.10.4229) = C:\Windows\System32\igfxtray.exe
2420 | [Owner : acer |Parent : 1784] - (.Intel Corporation - hkcmd Module.) - (8.15.10.4229) = C:\Windows\System32\hkcmd.exe
2452 | [Owner : acer |Parent : 1784] - (.Intel Corporation - persistence Module.) - (8.15.10.4229) = C:\Windows\System32\igfxpers.exe
2636 | [Owner : acer |Parent : 1784] - (.Atheros Communications - Serveur Stack Bluetooth.) - (7.4.0.96) = C:\Program Files\Bluetooth Suite\BtvStack.exe
2644 | [Owner : acer |Parent : 1784] - (.Atheros Commnucations - Bluetooth Tray.) - (7.4.0.96) = C:\Program Files\Bluetooth Suite\AthBtTray.exe
2856 | [Owner : acer |Parent : 1784] - (.Intel® Corporation - Intel® Turbo Boost Technology Monitor 2.0.) - (2.1.23.0) = C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe
2964 | [Owner : acer |Parent : 552] - (.Piriform Ltd - CCleaner.) - (5.25.0.5902) = C:\Program Files\CCleaner\CCleaner.exe
3432 | [Owner : Système |Parent : 676] - (.Intel(R) Corporation - Intel(R) PROSet/Wireless Registry Service.) - (14.1.1.0) = C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
3652 | [Owner : Système |Parent : 676] - (.VMware, Inc. - VMware NAT Service.) - (10.0.2.46408) = C:\Windows\System32\vmnat.exe
3700 | [Owner : Système |Parent : 676] - (.Windscribe Limited - Windscribe service.) - (1.7.0.0) = C:\Program Files\Windscribe\WindscribeService.exe
3904 | [Owner : acer |Parent : 792] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) = C:\Windows\System32\wbem\unsecapp.exe
3948 | [Owner : Système |Parent : 792] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (6.1.7600.16385) = C:\Windows\System32\wbem\unsecapp.exe
2512 | [Owner : Système |Parent : 676] - (.VMware, Inc. - VMware VMnet DHCP service.) - (10.0.2.46408) = C:\Windows\System32\vmnetdhcp.exe
4004 | [Owner : Système |Parent : 676] - (.VMware, Inc. - VMware USB Arbitration Service.) - (12.1.17.0) = C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
4016 | [Owner : Système |Parent : 676] - (.VMware, Inc. - VMware Authorization Service.) - (10.0.2.46408) = C:\Program Files\VMware\VMware Player\vmware-authd.exe
4328 | [Owner : Système |Parent : 676] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.7600.16808) = C:\Windows\System32\SearchIndexer.exe
4404 | [Owner : Système |Parent : 676] - (.Intel Corporation - Intel(R) Integrated Clock Controller Service - Intel(R) ICCS.) - (1.0.0.1) = C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
4432 | [Owner : SERVICE LOCAL |Parent : 676] - (.Intel(R) Corporation - Turbo Boost Monitor Service.) - (2.1.23.0) = C:\Program Files\Intel\TurboBoost\TurboBoost.exe
5108 | [Owner : acer |Parent : 2312] - (.ELAN Microelectronics Corp. - ETD Control Center Helper.) - (8.2.0.8) = C:\Program Files\Elantech\ETDCtrlHelper.exe
5524 | [Owner : SERVICE LOCAL |Parent : 676] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.4902) = C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
6048 | [Owner : acer |Parent : 1604] - (.360.cn - 360 安全卫士在线安装程序.) - (11.0.0.1477) = C:\Users\acer\AppData\Local\Temp\Ins8B6.tmp
4912 | [Owner : acer |Parent : 1784] - (.Google Inc. - Google Chrome.) - (71.0.3578.80) = C:\Program Files\Google\Chrome\Application\chrome.exe
4500 | [Owner : acer |Parent : 4912] - (.Google Inc. - Google Chrome.) - (71.0.3578.80) = C:\Program Files\Google\Chrome\Application\chrome.exe
1280 | [Owner : acer |Parent : 4912] - (.Google Inc. - Google Chrome.) - (71.0.3578.80) = C:\Program Files\Google\Chrome\Application\chrome.exe
5180 | [Owner : acer |Parent : 4912] - (.Google Inc. - Google Chrome.) - (71.0.3578.80) = C:\Program Files\Google\Chrome\Application\chrome.exe
1700 | [Owner : acer |Parent : 4912] - (.Google Inc. - Google Chrome.) - (71.0.3578.80) = C:\Program Files\Google\Chrome\Application\chrome.exe
5376 | [Owner : acer |Parent : 4912] - (.Google Inc. - Google Chrome.) - (71.0.3578.80) = C:\Program Files\Google\Chrome\Application\chrome.exe
2812 | [Owner : Système |Parent : 676] - (.Intel Corporation - Local Manageability Service.) - (7.0.4.1197) = C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
4836 | [Owner : SERVICE RÉSEAU |Parent : 676] - (.Microsoft Corporation - Service Partage réseau du Lecteur Windows Media.) - (12.0.7600.16385) = C:\Program Files\Windows Media Player\wmpnetwk.exe
3256 | [Owner : Système |Parent : 676] - (.Intel Corporation - User Notification Service.) - (7.0.4.1197) = C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
4708 | [Owner : Système |Parent : 676] - (.Microsoft Corporation - Détection de services interactifs.) - (6.1.7600.16385) = C:\Windows\System32\UI0Detect.exe
1108 | [Owner : acer |Parent : 4912] - (.Google Inc. - Google Chrome.) - (71.0.3578.80) = C:\Program Files\Google\Chrome\Application\chrome.exe
3152 | [Owner : acer |Parent : 4892] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe
3748 | [Owner : Système |Parent : 4328] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7600.16808) = C:\Windows\System32\SearchProtocolHost.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !
Safeboot Minimal Subkeys : O.K !
Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Will be moved in quarantine at reboot : C:\ProgramData\ntuser.dat{ee8d31fe-08f2-11e4-a1f2-dc0ea10f16d9}.TM.blf
Will be moved in quarantine at reboot : C:\ProgramData\ntuser.dat{ee8d3209-08f2-11e4-a1f2-dc0ea10f16d9}.TM.blf

¤¤¤¤¤¤¤¤¤¤ # ADS
Prefetch -> cleaned

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive C:] : Hidden : 1 | Restored : 1
~ [Windows] : Hidden : 30 | Restored : 30
~ [AppData] : Hidden : 1 | Restored : 1

End : 23:46:40
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤