¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_16.10.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 13:33:21 04/26/2019 Updated 16/10/2017 | 14.45 by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html [jean- (Administrator)] - [DESKTOP-37KC94K] SID = S-1-5-21-4265624635-2019933758-61733912-1001 Boot: SafeMode with network System : Windows 10 Home (64 bits) Core ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics Identifier : AMD64 Family 20 Model 2 Stepping 0 CoreTemp : -1 Celsius - Max : Celsius Memory RAM = Total (MB) : 3748 | Free (MB) : 1751 Pagefile = Total (MB) : 6500 | Free (MB) : 4651 Virtual = Total (MB) : 4194 | Free (MB) : 3958 ¤¤¤¤¤¤¤¤¤¤ # Components of starting up ¤¤¤¤¤¤¤¤¤¤¤ # Drives Z:\-> [Fixed] | [backup plus bleu] | Total : 4657.4 Go | Free : 762.7 Go -> NTFS [USB] U:\-> [Removable] | [PHONE CARD] | Total : 1.88 Go | Free : 1.82 Go -> FAT [USB] T:\-> [Removable] | [XUBUNTU 18_] | Total : 115.66 Go | Free : 98.74 Go -> FAT32 [USB] S:\-> [Fixed] | [windows2go workspace] | Total : 57.6 Go | Free : 2.96 Go -> NTFS (SSD) [USB] P:\-> [Removable] | [future wdet] | Total : 59.5 Go | Free : 53.57 Go -> exFAT [USB] L:\-> [Removable] | [512 go sd c] | Total : 476.65 Go | Free : 476.65 Go -> exFAT [USB] ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_16.10.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 08:10:29 05/03/2019 Updated 16/10/2017 | 14.45 by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html [jean- (Administrator)] - [DESKTOP-37KC94K] SID = S-1-5-21-4265624635-2019933758-61733912-1001 Boot: Normal boot System : Windows 10 Home (64 bits) Core ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics Identifier : AMD64 Family 20 Model 2 Stepping 0 CoreTemp : -1 Celsius - Max : Celsius Memory RAM = Total (MB) : 3748 | Free (MB) : 1807 Pagefile = Total (MB) : 6631 | 
Free (MB) : 4353 Virtual = Total (MB) : 4194 | Free (MB) : 3919 ¤¤¤¤¤¤¤¤¤¤ # Components of starting up ¤¤¤¤¤¤¤¤¤¤¤ # Drives Z:\-> [Fixed] | [backup plus bleu] | Total : 4657.4 Go | Free : 762.7 Go -> NTFS [USB] Y:\-> [Removable] | [POWER2GO 11] | Total : 0.47 Go | Free : 0.07 Go -> FAT32 [USB] V:\-> [Removable] | [FRAMA SALIX] | Total : 14.54 Go | Free : 11.34 Go -> FAT32 [USB] U:\-> [Removable] | [] | Total : 1.83 Go | Free : 0 Go -> FAT [USB] T:\-> [Removable] | [XUBUNTU 18_] | Total : 115.66 Go | Free : 98.74 Go -> FAT32 [USB] S:\-> [Removable] | [SANDISK CON] | Total : 183.32 Go | Free : 30.66 Go -> exFAT [USB] Q:\-> [Removable] | [1tb microsd] | Total : 976.53 Go | Free : 0.02 Go -> exFAT [USB] P:\-> [Removable] | [future wdet] | Total : 59.5 Go | Free : 53.57 Go -> exFAT [USB] N:\-> [Removable] | [FRAMA SALIX] | Total : 1.86 Go | Free : 0.03 Go -> FAT32 [USB] M:\-> [Fixed] | [ZALMAN] | Total : 931.47 Go | Free : 914.46 Go -> NTFS [USB] K:\-> [Removable] | [CUBUNTU] | Total : 7.2 Go | Free : 0.05 Go -> FAT32 [USB] H:\-> [Removable] | [samsung fit 128 Go] | Total : 119.5 Go | Free : 119.19 Go -> NTFS [USB] G:\-> [Removable] | [] | Total : 14.91 Go | Free : 14.81 Go -> FAT32 [USB] E:\-> [Removable] | [] | Total : 235.65 Go | Free : 109 Go -> NTFS [USB] D:\-> [Fixed] | [backup plus rouge] | Total : 4657.4 Go | Free : 449.82 Go -> NTFS [USB] C:\-> [Fixed] | [OS] | Total : 488.66 Go | Free : 45.35 Go -> NTFS [SATA] ¤¤¤¤¤¤¤¤¤¤ # Windows updates Windows Is Activated ¤¤¤¤¤¤¤¤¤¤ # Sessions C:\WINDOWS\system32\config\systemprofile C:\WINDOWS\ServiceProfiles\LocalService C:\WINDOWS\ServiceProfiles\NetworkService C:\Users\jean- C:\Users\_ashbackup_ C:\Users\MSSQL$ADK Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [03.05.2019 @ 07_57_54]) To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore ¤¤¤¤¤¤¤¤¤¤ # Browsers 
IE : 11.0.17134.1 (© Microsoft Corporation. Tous droits réservés.) ¤¤¤¤¤¤¤¤¤¤ # FlashPlayer ActiveX : 32.0.0.171 Plugin : 32.0.0.171 ¤¤¤¤¤¤¤¤¤¤ # Security AV : Malwarebytes Enabled AS : Windows Defender Disabled WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Manual(3)] = stopped FW: Windows FireWall Service [Auto(2)] = Running ¤¤¤¤¤¤¤¤¤¤ # Stopped processes 1800 | [Owner : jean- |Parent : 1352] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.17134.1) = C:\Windows\System32\sihost.exe 1920 | [Owner : |Parent : 840] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.1904.1) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1904.1-0\MsMpEng.exe 2120 | [Owner : jean- |Parent : 2096] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.17134.677) = C:\Windows\explorer.exe 3004 | [Owner : jean- |Parent : 288] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.17134.706) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 5776 | [Owner : jean- |Parent : 288] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.17134.677) = C:\Windows\explorer.exe 6220 | [Owner : jean- |Parent : 4112] - (.Farbar - Farbar Recovery Scan Tool.) - (25.4.2019.0) = C:\Users\jean-\Desktop\FRST64.exe 6908 | [Owner : jean- |Parent : 3380] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.17134.1) = C:\Windows\System32\ctfmon.exe 7092 | [Owner : jean- |Parent : 288] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.17134.677) = C:\Windows\System32\smartscreen.exe 1416 | [Owner : jean- |Parent : 3728] - (.Microsoft Corporation - Microsoft Management Console.) - (10.0.17134.1) = C:\Windows\System32\mmc.exe 3984 | [Owner : jean- |Parent : 288] - (.Microsoft Corporation - Virtual Disk Service Loader.) - (10.0.17134.1) = C:\Windows\System32\vdsldr.exe 5832 | [Owner : LogonSessionId_0_51281315 |Parent : 840] - (.Microsoft Corporation - Service de disque virtuel.) 
- (10.0.17134.1) = C:\Windows\System32\vds.exe 7676 | [Owner : jean- |Parent : 3796] - (.Microsoft Corporation - Internet Explorer.) - (11.0.17134.1) = C:\Program Files\internet explorer\iexplore.exe 144 | [Owner : jean- |Parent : 7676] - (.Microsoft Corporation - Internet Explorer.) - (11.0.17134.1) = C:\Program Files (x86)\Internet Explorer\iexplore.exe 2212 | [Owner : |Parent : 988] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe 2344 | [Owner : |Parent : 2212] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe 3360 | [Owner : |Parent : 988] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.68) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe 3524 | [Owner : |Parent : 3360] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.227) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 3680 | [Owner : |Parent : 988] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.17134.1) = C:\Windows\System32\spoolsv.exe 3872 | [Owner : Système |Parent : 988] - (. - .) - (12.6.1005.11662) = C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.6.1005.11662\AdAwareService.exe 3880 | [Owner : Système |Parent : 988] - (.COMODO - COMODO Internet Security.) - (12.0.0.6810) = C:\Program Files\COMODO\COMODO Internet Security\upd7C.tmp 3888 | [Owner : Système |Parent : 988] - (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe 3896 | [Owner : |Parent : 988] - (.COMODO - COMODO Internet Security.) - (12.0.0.6810) = C:\Program Files\COMODO\COMODO Internet Security\upd7C.tmp 3928 | [Owner : Système |Parent : 988] - (.COMODO Security Solutions - COMODO COSService.) - (1.0.0.1846) = C:\Program Files\COMODO\COMMON\COSService.exe 3952 | [Owner : Système |Parent : 988] - (.Dropbox, Inc. - Dropbox Service.) 
- (1.0.24.0) = C:\Windows\System32\DbxSvc.exe 3968 | [Owner : Système |Parent : 988] - (.Digital Wave Ltd. - Digital Wave Update Service.) - (1.0.136.629) = C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe 4016 | [Owner : Système |Parent : 988] - (.CHENGDU YIWO Tech Development Co., Ltd - EaseUS Todo Backup Agent Application.) - (5.0.0.1) = C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe 2884 | [Owner : |Parent : 988] - (.Microsoft Corporation - Windows Security Health Service.) - (4.13.17134.191) = C:\Windows\System32\SecurityHealthService.exe 3040 | [Owner : LogonSessionId_0_216132 |Parent : 988] - (.Microsoft Corporation - SQL Server VSS Writer - 64 Bit.) - (2011.110.5058.0) = C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 2852 | [Owner : Système |Parent : 988] - (.COMODO Security Solutions - COMODO SynchronizationService.) - (1.0.0.1846) = C:\Program Files\COMODO\COMMON\SynchronizationService.exe 3772 | [Owner : Système |Parent : 988] - (.Copyright 2017. - ZAM.) - (2.74.0.150) = C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe 4280 | [Owner : SERVICE LOCAL |Parent : 3936] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.17134.1) = C:\Windows\System32\dasHost.exe 4724 | [Owner : LogonSessionId_0_213905 |Parent : 988] - (.Microsoft Corporation - SQL Server Windows NT.) - (2011.110.5388.0) = C:\Program Files (x86)\Microsoft SQL Server\MSSQL11.ADK\MSSQL\Binn\sqlservr.exe 4740 | [Owner : Aucun |Parent : 988] - (. - .) - (0.0.0.0) = C:\Program Files\Ashampoo\Ashampoo Backup 2018\bin\backupService-ab.exe 5008 | [Owner : LogonSessionId_0_246386 |Parent : 988] - (.Microsoft Corporation - Service de disque virtuel.) - (10.0.17134.1) = C:\Windows\System32\vds.exe 5392 | [Owner : Système |Parent : 4016] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe 6784 | [Owner : Aucun |Parent : 4740] - (. - .) 
- (0.0.0.0) = C:\Program Files\Ashampoo\Ashampoo Backup 2018\bin\oxHelper.exe 7792 | [Owner : Système |Parent : 988] - (.MacPaw Inc. - CleanMyPC NT Service.) - (1.10.2.1999) = C:\Program Files\CleanMyPC\CleanMyPCService.exe 7236 | [Owner : Système |Parent : 988] - (.Microsoft Corporation - sedsvc.) - (10.0.17134.1003) = C:\Program Files\rempl\sedsvc.exe 2604 | [Owner : |Parent : 988] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.17134.1) = C:\Windows\System32\SgrmBroker.exe 7228 | [Owner : LogonSessionId_0_730689 |Parent : 988] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.17134.677) = C:\Windows\System32\SearchIndexer.exe 5448 | [Owner : jean- |Parent : 1164] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.17134.1) = C:\Windows\System32\sihost.exe 8080 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe 3768 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe 5860 | [Owner : jean- |Parent : 1720] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.17134.619) = C:\Windows\System32\taskhostw.exe 8900 | [Owner : jean- |Parent : 1720] - (.COMODO - COMODO Internet Security.) - (12.0.0.6810) = C:\Program Files\COMODO\COMODO Internet Security\upd7D.tmp 2076 | [Owner : jean- |Parent : 1720] - (.Avanquest Software - PC Speed Maximizer automatic scan and notifications.) - (5.1.0.0) = C:\Users\jean-\Dropbox\PC Speed Maximizer\SPMSchedule.exe 5776 | [Owner : jean- |Parent : 4600] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.17134.677) = C:\Windows\explorer.exe 5940 | [Owner : jean- |Parent : 3628] - (.Microsoft Corporation - Chargeur CTF.) 
- (10.0.17134.1) = C:\Windows\System32\ctfmon.exe 7492 | [Owner : jean- |Parent : 1140] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.17134.706) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 2132 | [Owner : jean- |Parent : 1140] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe 8136 | [Owner : jean- |Parent : 1140] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe 9220 | [Owner : jean- |Parent : 1140] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.17134.1) = C:\Windows\System32\SettingSyncHost.exe 9800 | [Owner : jean- |Parent : 1140] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe 9272 | [Owner : jean- |Parent : 5776] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.986) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 10048 | [Owner : jean- |Parent : 5776] - (. - .) - (0.0.0.0) = C:\Program Files\Ashampoo\Ashampoo Backup 2018\bin\backupClient-ab.exe 8716 | [Owner : jean- |Parent : 5776] - (. - UI8Guard.) - (8.0.0.0) = C:\Program Files (x86)\Ashampoo\Ashampoo UnInstaller 8\UI8Guard.exe 9536 | [Owner : jean- |Parent : 5776] - (. - .) - (12.6.1005.11662) = C:\Program Files\adaware\adaware antivirus\adaware antivirus\12.6.1005.11662\AdAwareTray.exe 9808 | [Owner : jean- |Parent : 10048] - (. - .) - (0.0.0.0) = C:\Program Files\Ashampoo\Ashampoo Backup 2018\bin\oxHelper.exe 1408 | [Owner : jean- |Parent : 5776] - (.Opera Software - Opera Browser Assistant.) - (60.0.3255.56) = C:\Users\jean-\AppData\Local\Programs\Opera\assistant\browser_assistant.exe 9048 | [Owner : jean- |Parent : 1140] - (.Microsoft Corporation - Windows Shell Experience Host.) 
- (10.0.17134.1) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 10076 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe 7296 | [Owner : jean- |Parent : 1728] - (.iSkySoft - iSkySoft Studio.) - (2.3.5.0) = C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe 10364 | [Owner : jean- |Parent : 1140] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.17134.1) = C:\Windows\System32\wbem\unsecapp.exe 10588 | [Owner : jean- |Parent : 1728] - (. - .) - (0.0.0.0) = C:\Program Files\Unlocker\UnlockerAssistant.exe 11000 | [Owner : jean- |Parent : 1728] - (.Dropbox, Inc. - Dropbox.) - (72.3.127.0) = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 11216 | [Owner : jean- |Parent : 10244] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 11112 | [Owner : jean- |Parent : 1728] - (.Logitech Inc. - Logitech Webcam Software.) - (13.51.815.0) = C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe 10216 | [Owner : jean- |Parent : 11000] - (.Dropbox, Inc. - Dropbox.) - (72.3.127.0) = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 2252 | [Owner : jean- |Parent : 8900] - (.COMODO - COMODO Internet Security.) - (12.0.0.6810) = C:\Program Files\COMODO\COMODO Internet Security\upd7D.tmp 10920 | [Owner : jean- |Parent : 11112] - (. - .) - (13.51.815.0) = C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe 10464 | [Owner : jean- |Parent : 11000] - (.Dropbox, Inc. - Dropbox.) - (72.3.127.0) = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 7500 | [Owner : jean- |Parent : 11216] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Host application.) 
- (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 10356 | [Owner : jean- |Parent : 11000] - (.The Qt Company Ltd. - Qt Qtwebengineprocess.) - (5.12.3.0) = C:\Program Files (x86)\Dropbox\Client\72.3.127\QtWebEngineProcess.exe 9384 | [Owner : jean- |Parent : 11000] - (.The Qt Company Ltd. - Qt Qtwebengineprocess.) - (5.12.3.0) = C:\Program Files (x86)\Dropbox\Client\72.3.127\QtWebEngineProcess.exe 7496 | [Owner : jean- |Parent : 1140] - (.Microsoft Corporation - Application Frame Host.) - (10.0.17134.1) = C:\Windows\System32\ApplicationFrameHost.exe 11408 | [Owner : jean- |Parent : 1140] - (.Microsoft Corporation - Store.) - (11811.1001.27.0) = C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe 11516 | [Owner : jean- |Parent : 1140] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe 11712 | [Owner : jean- |Parent : 1140] - (.Microsoft Corporation - Microsoft Edge.) - (11.0.17134.677) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe 10256 | [Owner : jean- |Parent : 1140] - (.Microsoft Corporation - Browser_Broker.) - (11.0.17134.590) = C:\Windows\System32\browser_broker.exe 10780 | [Owner : jean- |Parent : 1140] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe 12036 | [Owner : jean- |Parent : 1140] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.17134.677) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 11732 | [Owner : jean- |Parent : 1140] - (. - .) - (10.19031.1141.0) = C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe 9068 | [Owner : jean- |Parent : 1140] - (.Microsoft Corporation - Paramètres.) - (10.0.17134.112) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe 11816 | [Owner : Système |Parent : 1140] - (.COMODO - COMODO Internet Security.) 
- (12.0.0.6810) = C:\Program Files\COMODO\COMODO Internet Security\upd84.tmp 7244 | [Owner : jean- |Parent : 988] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.556) = C:\Windows\System32\svchost.exe 9884 | [Owner : Système |Parent : 1140] - (.COMODO - COMODO Internet Security.) - (12.0.0.6810) = C:\Program Files\COMODO\COMODO Internet Security\upd84.tmp 9648 | [Owner : Système |Parent : 1720] - (.Dropbox, Inc. - Dropbox Update.) - (1.3.27.73) = C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe 5824 | [Owner : jean- |Parent : 1140] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.17134.677) = C:\Windows\explorer.exe 9828 | [Owner : jean- |Parent : 5824] - (.Microsoft Corporation - Bloc-notes.) - (10.0.17134.1) = C:\Windows\System32\notepad.exe 7828 | [Owner : Système |Parent : 988] - (.COMODO - COMODO Internet Security.) - (12.0.0.6814) = C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe 13096 | [Owner : jean- |Parent : 1140] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.17134.677) = C:\Windows\System32\smartscreen.exe ¤¤¤¤¤¤¤¤¤¤ # Winlogon user ¤¤¤¤¤¤¤¤¤¤ # Winlogon machine Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : C:\WINDOWS\system32\userinit.exe, -> C:\WINDOWS\SYSWOW64\userinit.exe, ¤¤¤¤¤¤¤¤¤¤ # SafeBoot Safeboot Keys are O.K Alternate shell is OK ! 
¤¤¤¤¤¤¤¤¤¤ # IFEO ¤¤¤¤¤¤¤¤¤¤ # Mountpoints2 Content of V:\autorun.inf : [autorun] open=start.exe icon=start.exe label=Framakey Action=Démarrer la Framakey shell=Framakey shell\FramaKey=FramaKey shell\FramaKey\command=start.exe Content of T:\autorun.inf : ; Created by Rufus 3.3.1400 ; https://rufus.ie [autorun] icon = autorun.ico label = Xubuntu 18.10 i386 Content of N:\AUTORUN.INF : Content of K:\AUTORUN.INF : Content of C:\autorun.inf : [autorun] open=Framakey.exe icon=Framakey.exe label=Framakey 2 shell=Framakey shell\FramaKey=FramaKey 2 shell\FramaKey\command=Framakey.exe ¤¤¤¤¤¤¤¤¤¤ # Windows [HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon ¤¤¤¤¤¤¤¤¤¤ # Security center Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\WINDOWS\System32\ActionCenter.dll ¤¤¤¤¤¤¤¤¤¤ # Services Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2 Repaired : 
[HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2 ¤¤¤¤¤¤¤¤¤¤ # Internet Explorer ¤¤¤¤¤¤¤¤¤¤ # reparsepoint ¤¤¤¤¤¤¤¤¤¤ # Offsets ¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry Deleted : HKLM64\Software\adaware Deleted : HKLM\Software\WOW6432Node\adaware Moved to quarantine successfully : Z:\teracopy-portable-2-0-en.exe Moved to quarantine successfully : T:\EJjplDh7z8h_CTR.exe Moved to quarantine successfully : S:\setup.exe Will be moved in quarantine at reboot : P:\pre-scan_7_16.10.17.1.exe Will be moved in quarantine at reboot : P:\SkinPacks_0475149786.exe Moved to quarantine successfully : D:\EJjplDh7z8h_CTR.exe Will be moved in quarantine at reboot : P:\Slowin' Killer - Donner son avis.lnk Will be moved in quarantine at reboot : P:\Slowin' Killer - Analyse_(1).lnk Will be moved in quarantine at reboot : P:\Slowin' Killer - Optimize_(1).lnk Will be moved in quarantine at reboot : P:\ByteFence Anti-Malware.lnk Will be moved in quarantine at reboot : P:\DriverUPDATER.lnk Will be moved in quarantine at reboot : P:\iShredder 7.0.lnk ¤¤¤¤¤¤¤¤¤¤ # ADS Prefetch -> cleaned E:\ : Vaccinated (Vaccin created by Usbfix) G:\ : Vaccinated (Vaccin created by Usbfix) H:\ : Vaccinated (Vaccin created by Pre_Scan) H:\ : Vaccinated (Vaccin created by Pre_Scan) K:\ : Impossible to vaccinate N:\ : 
Impossible to vaccinate P:\ : Vaccinated (Vaccin created by Usbfix) S:\ : Vaccinated (Vaccin created by Pre_Scan) S:\ : Vaccinated (Vaccin created by Pre_Scan) T:\ : Impossible to vaccinate U:\ : Vaccinated (Vaccin created by Usbfix) V:\ : Impossible to vaccinate ¤¤¤¤¤¤¤¤¤¤ | Hidden files