¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V9_18.10.19.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 07:56:12 11/08/2019 Updated 18/10/2019 | 07:30 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html [dedie (Administrator)] - [DESKTOP-98P8SR4] SID = S-1-5-21-838239971-3811244225-1953794629-1001 Boot: Normal boot System : Windows 10 Home (64 bits) Core ProcessorNameString : Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz Identifier : Intel64 Family 6 Model 142 Stepping 9 CoreTemp : 29.8 Celsius - Max : 99 Celsius Memory RAM = Total (MB) : 4094 | Free (MB) : 1790 Pagefile = Total (MB) : 6083 | Free (MB) : 3237 Virtual = Total (MB) : 4194 | Free (MB) : 3813 ¤¤¤¤¤¤¤¤¤¤ # Components of starting up ¤¤¤¤¤¤¤¤¤¤¤ # Drives O:\-> [CDROM] | [Audio CD] M:\-> [Removable] | [MULTIBOOT] | Total : 1.9 Go | Free : 0.97 Go -> FAT32 [USB] L:\-> [Removable] | [PARTED MAGI] | Total : 15 Go | Free : 0.11 Go -> FAT32 [USB] K:\-> [Fixed] | [VERBATIM HD] | Total : 7451.91 Go | Free : 2661.64 Go -> NTFS [USB] J:\-> [CDROM] | [SFR] | Total : 0.07 Go | Free : 0 Go -> CDFS [USB] I:\-> [Removable] | [SANDISK CON] | Total : 183.32 Go | Free : 11.85 Go -> exFAT [USB] H:\-> [Removable] | [KPRM LIVE] | Total : 29.28 Go | Free : 4.74 Go -> FAT32 [USB] G:\-> [Removable] | [Windows7Starter32x] | Total : 29.35 Go | Free : 2.48 Go -> NTFS [USB] F:\-> [Removable] | [micro sd] | Total : 28.84 Go | Free : 7.53 Go -> exFAT (SSD) [SD] E:\-> [Fixed] | [WD Elements] | Total : 929.42 Go | Free : 0.29 Go -> NTFS [USB] D:\-> [Removable] | [anti-tfl] | Total : 0.12 Go | Free : 0.05 Go -> exFAT (SSD) [SD] C:\-> [Fixed] | [] | Total : 107.22 Go | Free : 11.46 Go -> NTFS (SSD) [SATA] ¤¤¤¤¤¤¤¤¤¤ # Windows updates Windows Is Activated ¤¤¤¤¤¤¤¤¤¤ # Sessions C:\Windows\system32\config\systemprofile C:\windows\ServiceProfiles\LocalService C:\windows\ServiceProfiles\NetworkService C:\Users\dedie C:\Users\Roudor Temptations F.DESKTOP-98P8SR4 
Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [08.11.2019 @ 07_52_38]) To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore ¤¤¤¤¤¤¤¤¤¤ # Browsers IE : 11.0.16299.15 (© Microsoft Corporation. Tous droits réservés.) ¤¤¤¤¤¤¤¤¤¤ # FlashPlayer ActiveX : 32.0.0.171 ¤¤¤¤¤¤¤¤¤¤ # Security FW : WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Manual(3)] = stopped FW: Windows FireWall Service [Auto(2)] = Running ¤¤¤¤¤¤¤¤¤¤ # Stopped processes 1140 | [Owner : |Parent : 916] - (.Microsoft Corporation - Windows Logon User Interface Host.) - (10.0.16299.15) = C:\Windows\System32\LogonUI.exe 1960 | [Owner : |Parent : 816] - (.Samsung Electronics Co.,Ltd. - Samsung Radio Control Delegation Service executable.) - (2.3.0.7) = C:\Windows\System32\RCDService.exe 1968 | [Owner : |Parent : 816] - (. - SafiService.) - (1.0.0.7) = C:\Windows\System32\DriverStore\FileRepository\safidrv.inf_amd64_0e89535d35916282\SafiService.exe 1976 | [Owner : |Parent : 816] - (. - SamsungPenService.) - (1.0.33.0) = C:\Program Files (x86)\Samsung\Air Command\SamsungPenService.exe 2000 | [Owner : |Parent : 816] - (. - .) - (0.0.0.0) = C:\Windows\System32\PanelManagerSvc.exe 2268 | [Owner : |Parent : 816] - (.AVG Technologies CZ, s.r.o. - AVG Internet Security System remediation exe.) - (19.8.4793.0) = C:\Program Files\AVG\Antivirus\wsc_proxy.exe 2564 | [Owner : Système |Parent : 816] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4599) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\igfxCUIService.exe 3616 | [Owner : |Parent : 816] - (.AVG Technologies CZ, s.r.o. - AVG Internet Security System Service.) 
- (19.8.4793.0) = C:\Program Files\AVG\Antivirus\AVGSvc.exe 3952 | [Owner : LogonSessionId_0_210077 |Parent : 816] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.16299.15) = C:\Windows\System32\spoolsv.exe 3576 | [Owner : Système |Parent : 816] - (.Windows (R) Win 7 DDK provider - Windows Setup API.) - (10.0.10011.16384) = C:\Windows\System32\drivers\AdminService.exe 4076 | [Owner : Système |Parent : 816] - (.Intel Corporation - IntelCpHDCPSvc Executable.) - (1.0.0.1) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\IntelCpHDCPSvc.exe 4100 | [Owner : Système |Parent : 816] - (.Samsung Electronics - GripResetService.) - (1.0.0.6) = C:\Windows\System32\GripResetService.exe 4160 | [Owner : Système |Parent : 816] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework.) - (8.2.11002.3418) = C:\Windows\System32\Intel\DPTF\esif_uf.exe 4288 | [Owner : Système |Parent : 816] - (.Samsung Electronics Co., Ltd. - SamsungSystemService.) - (1.0.48.0) = C:\Program Files (x86)\Samsung\Samsung System Agent\SamsungSystemService.exe 4300 | [Owner : |Parent : 816] - (.Microsoft Corporation - Windows Security Health Service.) - (4.12.16299.15) = C:\Windows\System32\SecurityHealthService.exe 4332 | [Owner : Système |Parent : 816] - (.SPAMfighter ApS - Fighter Suite Service.) - (3.1.295.0) = C:\Program Files (x86)\Fighters\FighterSuiteService.exe 5384 | [Owner : Système |Parent : 816] - (.Intel Corporation - IntelCpHeciSvc Executable.) - (9.0.2.117) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\IntelCpHeciSvc.exe 6040 | [Owner : SERVICE LOCAL |Parent : 816] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) 
- (10.0.16299.15) = C:\Windows\System32\WUDFHost.exe 5880 | [Owner : SERVICE LOCAL |Parent : 816] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.16299.15) = C:\Windows\System32\WUDFHost.exe 5144 | [Owner : SERVICE LOCAL |Parent : 816] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.16299.15) = C:\Windows\System32\WUDFHost.exe 3020 | [Owner : SERVICE LOCAL |Parent : 816] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.16299.15) = C:\Windows\System32\WUDFHost.exe 6256 | [Owner : SERVICE LOCAL |Parent : 816] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.16299.15) = C:\Windows\System32\WUDFHost.exe 6332 | [Owner : SERVICE LOCAL |Parent : 816] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.16299.15) = C:\Windows\System32\WUDFHost.exe 6936 | [Owner : dedie |Parent : 2920] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.16299.15) = C:\Windows\System32\sihost.exe 6948 | [Owner : dedie |Parent : 816] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe 7116 | [Owner : dedie |Parent : 816] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe 7140 | [Owner : LogonSessionId_0_517175 |Parent : 816] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8833) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe 6428 | [Owner : dedie |Parent : 2504] - (.SPAMfighter ApS. - DRIVERfighter Application.) 
- (1.2.15.1) = C:\Program Files (x86)\Fighters\DRIVERfighter\DRIVERfighter.exe 6436 | [Owner : dedie |Parent : 2504] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.16299.15) = C:\Windows\System32\taskhostw.exe 1676 | [Owner : dedie |Parent : 2504] - (.SPAMfighter ApS - SLOW-PCfighter product.) - (2.2.11.1) = C:\Program Files (x86)\Fighters\SLOW-PCfighter\UI.exe 5956 | [Owner : dedie |Parent : 2504] - (.Orange - Orange Inside.) - (3.2.0.1) = C:\Users\dedie\AppData\Roaming\Orange\OrangeInside\OrangeInside.exe 7388 | [Owner : dedie |Parent : 7328] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4599) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\igfxEM.exe 7496 | [Owner : dedie |Parent : 7448] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.16299.15) = C:\Windows\explorer.exe 7596 | [Owner : LogonSessionId_0_557458 |Parent : 816] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.16299.15) = C:\Windows\System32\SearchIndexer.exe 6636 | [Owner : dedie |Parent : 352] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.16299.15) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 8340 | [Owner : dedie |Parent : 352] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.16299.19) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 8608 | [Owner : dedie |Parent : 352] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe 9032 | [Owner : dedie |Parent : 352] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe 9136 | [Owner : dedie |Parent : 352] - (. - .) - (8.54.0.85) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.54.85.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe 9744 | [Owner : dedie |Parent : 1728] - (.Microsoft Corporation - Chargeur CTF.) 
- (10.0.16299.15) = C:\Windows\System32\ctfmon.exe 9756 | [Owner : dedie |Parent : 1728] - (.Microsoft Corporation - Clavier tactile et volet d’écriture manuscrite.) - (10.0.16299.64) = C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe 9948 | [Owner : dedie |Parent : 9756] - (.Microsoft Corporation - Touch Keyboard and Handwriting Panel Helper.) - (10.0.16299.15) = C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe 9600 | [Owner : dedie |Parent : 2504] - (.Samsung Electronics Co., Ltd. - Show Window.) - (1.0.0.30) = C:\Program Files (x86)\Show Window\Show Window.exe 10484 | [Owner : dedie |Parent : 2504] - (.Samsung Electronics Co., Ltd. - S Agent.) - (1.1.5.8) = C:\Program Files\Samsung\S Agent\CommonAgent.exe 6588 | [Owner : dedie |Parent : 7496] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.12.16299.15) = C:\Program Files\Windows Defender\MSASCuiL.exe 10716 | [Owner : dedie |Parent : 7496] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.1109) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 6912 | [Owner : dedie |Parent : 2068] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.7) = C:\Program Files\Realtek\Audio\HDA\EP64.exe 6740 | [Owner : dedie |Parent : 7496] - (.Samsung Electronics Co., Ltd. - Samsung OSD.) - (1.0.11.0) = C:\Program Files\Samsung\SamsungOSD\OSD.exe 11076 | [Owner : dedie |Parent : 7496] - (.Microsoft Corporation - Microsoft OneDrive.) - (19.174.902.13) = C:\Users\dedie\AppData\Local\Microsoft\OneDrive\OneDrive.exe 2116 | [Owner : dedie |Parent : 7496] - (.Orange - MailNotifier.) - (4.2.1.0) = C:\Program Files (x86)\Orange\MailNotifier\MailNotifier.exe 10868 | [Owner : dedie |Parent : 7496] - (.Microsoft Corporation - Bloc-notes.) - (10.0.16299.15) = C:\Windows\System32\notepad.exe 3560 | [Owner : dedie |Parent : 2788] - (. - Orange Wifi Application.) 
- (2.0.0.1161) = C:\Program Files (x86)\Orange\wifi d'Orange\{9d78a505-6248-4d1b-81b6-df69655beccf}\OrangeWifi.exe 5284 | [Owner : dedie |Parent : 7496] - (.Microsoft Corporation - Bloc-notes.) - (10.0.16299.15) = C:\Windows\System32\notepad.exe 1760 | [Owner : dedie |Parent : 2788] - (. - Orange Updater.) - (2.0.0.1161) = C:\Program Files (x86)\Orange\wifi d'Orange\{9d78a505-6248-4d1b-81b6-df69655beccf}\UpdteApp.exe 2368 | [Owner : dedie |Parent : 2788] - (.SPAMfighter ApS - FIGHTERtools Update Manager.) - (4.0.280.0) = C:\Program Files (x86)\Fighters\Tray\FightersTray.exe 6612 | [Owner : Système |Parent : 816] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (11.7.0.1052) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 10660 | [Owner : Système |Parent : 816] - (.Microsoft Corporation - sedsvc.) - (10.0.17134.10081) = C:\Program Files\rempl\sedsvc.exe 6584 | [Owner : Système |Parent : 816] - (.Samsung Electronics Co., Ltd. - WLAN SAR Service.) - (1.0.0.7) = C:\Windows\System32\WlSarService.exe 8484 | [Owner : dedie |Parent : 816] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe 10960 | [Owner : dedie |Parent : 352] - (.Microsoft Corporation - Application Frame Host.) - (10.0.16299.15) = C:\Windows\System32\ApplicationFrameHost.exe 5652 | [Owner : dedie |Parent : 352] - (.Microsoft Corporation - Store.) - (11911.1001.8.0) = C:\Program Files\WindowsApps\Microsoft.WindowsStore_11911.1001.8.0_x64__8wekyb3d8bbwe\WinStore.App.exe 10276 | [Owner : dedie |Parent : 352] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe 9656 | [Owner : dedie |Parent : 352] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe 9192 | [Owner : dedie |Parent : 352] - (.Microsoft Corporation - Paramètres.) 
- (10.0.16299.15) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe 2036 | [Owner : Système |Parent : 1728] - (.Microsoft Corporation - Clavier tactile et volet d’écriture manuscrite.) - (10.0.16299.64) = C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe 2988 | [Owner : Système |Parent : 5036] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.16299.19) = C:\Windows\System32\fontdrvhost.exe 3164 | [Owner : dedie |Parent : 2504] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.16299.15) = C:\Windows\System32\taskhostw.exe 11180 | [Owner : Roudor Temptations F |Parent : 4160] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework Utility Application.) - (8.2.11002.3418) = C:\Windows\Temp\DPTF\esif_assist_64.exe 8456 | [Owner : Roudor Temptations F |Parent : 2000] - (. - PanelManager.) - (1.0.9.0) = C:\Program Files\Samsung\PanelManager\PanelManager.exe 9212 | [Owner : Roudor Temptations F |Parent : 4288] - (.Samsung Electronics Co., Ltd. - SamsungSystemAgent.) - (1.0.48.0) = C:\Program Files (x86)\Samsung\Samsung System Agent\SamsungSystemAgent.exe 4172 | [Owner : Roudor Temptations F |Parent : 1968] - (. - SafiAgent.) - (1.0.0.7) = C:\Windows\System32\DriverStore\FileRepository\safidrv.inf_amd64_0e89535d35916282\SafiAgent.exe 5096 | [Owner : Roudor Temptations F |Parent : 2920] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.16299.15) = C:\Windows\System32\sihost.exe 8896 | [Owner : Roudor Temptations F |Parent : 2504] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.16299.15) = C:\Windows\System32\taskhostw.exe 7544 | [Owner : Roudor Temptations F |Parent : 352] - (.Intel Corporation - igfxext Module.) - (6.15.10.4599) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\igfxext.exe 5148 | [Owner : Roudor Temptations F |Parent : 352] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) 
- (10.0.16299.15) = C:\Windows\System32\rundll32.exe 10316 | [Owner : Roudor Temptations F |Parent : 4324] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4599) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\igfxEM.exe 10456 | [Owner : Roudor Temptations F |Parent : 9852] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.16299.15) = C:\Windows\explorer.exe 9368 | [Owner : Roudor Temptations F |Parent : 1728] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.16299.15) = C:\Windows\System32\ctfmon.exe 8132 | [Owner : Roudor Temptations F |Parent : 1728] - (.Microsoft Corporation - Clavier tactile et volet d’écriture manuscrite.) - (10.0.16299.64) = C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe 5944 | [Owner : Roudor Temptations F |Parent : 8132] - (.Microsoft Corporation - Touch Keyboard and Handwriting Panel Helper.) - (10.0.16299.15) = C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe 7036 | [Owner : Roudor Temptations F |Parent : 352] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.16299.15) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 11328 | [Owner : Roudor Temptations F |Parent : 352] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe 11336 | [Owner : Roudor Temptations F |Parent : 352] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.16299.19) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 11428 | [Owner : Roudor Temptations F |Parent : 352] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe 11468 | [Owner : Roudor Temptations F |Parent : 352] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe 12628 | [Owner : Roudor Temptations F |Parent : 352] - (.Microsoft Corporation - Application Frame Host.) 
- (10.0.16299.15) = C:\Windows\System32\ApplicationFrameHost.exe 13636 | [Owner : Roudor Temptations F |Parent : 4288] - (.Samsung Electronics Co., Ltd. - SamsungSystemManager.) - (1.0.48.0) = C:\Program Files (x86)\Samsung\Samsung System Agent\SamsungSystemManager.exe 6668 | [Owner : Roudor Temptations F |Parent : 2504] - (.Samsung Electronics Co., Ltd. - Show Window.) - (1.0.0.30) = C:\Program Files (x86)\Show Window\Show Window.exe 13856 | [Owner : Roudor Temptations F |Parent : 10456] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.12.16299.15) = C:\Program Files\Windows Defender\MSASCuiL.exe 4468 | [Owner : Roudor Temptations F |Parent : 10456] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.1109) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 14472 | [Owner : Roudor Temptations F |Parent : 12072] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.7) = C:\Program Files\Realtek\Audio\HDA\EP64.exe 14372 | [Owner : Roudor Temptations F |Parent : 10456] - (.Samsung Electronics Co., Ltd. - Samsung OSD.) - (1.0.11.0) = C:\Program Files\Samsung\SamsungOSD\OSD.exe 15400 | [Owner : Roudor Temptations F |Parent : 12072] - (. - Orange Wifi Application.) - (2.0.0.1161) = C:\Program Files (x86)\Orange\wifi d'Orange\{9d78a505-6248-4d1b-81b6-df69655beccf}\OrangeWifi.exe 15540 | [Owner : Roudor Temptations F |Parent : 12072] - (. - Orange Updater.) - (2.0.0.1161) = C:\Program Files (x86)\Orange\wifi d'Orange\{9d78a505-6248-4d1b-81b6-df69655beccf}\UpdteApp.exe 15680 | [Owner : Roudor Temptations F |Parent : 12072] - (.SPAMfighter ApS - FIGHTERtools Update Manager.) - (4.0.280.0) = C:\Program Files (x86)\Fighters\Tray\FightersTray.exe 15628 | [Owner : Roudor Temptations F |Parent : 10456] - (.Microsoft Corporation - Internet Explorer.) - (11.0.16299.15) = C:\Program Files\internet explorer\iexplore.exe 10900 | [Owner : Roudor Temptations F |Parent : 15628] - (.Microsoft Corporation - Internet Explorer.) 
- (11.0.16299.15) = C:\Program Files (x86)\Internet Explorer\iexplore.exe 10516 | [Owner : dedie |Parent : 12692] - (.Glarysoft Ltd - Glarysoft QuickSearch.) - (5.33.1.113) = C:\Program Files (x86)\Glarysoft\Quick Search 5\QuickSearch.exe 11744 | [Owner : dedie |Parent : 10516] - (.Glarysoft Ltd - MemfilesService.) - (5.18.1.21) = C:\Program Files (x86)\Glarysoft\Quick Search 5\MemfilesService.exe 8800 | [Owner : dedie |Parent : 10516] - (.Glarysoft Ltd - x64 Process Assist.) - (1.0.0.14) = C:\Program Files (x86)\Glarysoft\Quick Search 5\x64\x64ProcessAssistSvc.exe 12116 | [Owner : dedie |Parent : 12432] - (.CrystalIDEA Software - Uninstall Tool.) - (3.5.9.5660) = F:\Marie-France Rousseau qui flingueProgram Files\Uninstall Tool\UninstallTool.exe 9404 | [Owner : dedie |Parent : 12116] - (.CrystalIDEA Software - Uninstall Tool Helper Process.) - (1.1.17.5) = F:\Marie-France Rousseau qui flingueProgram Files\Uninstall Tool\UninstallToolHelper.exe 7488 | [Owner : Roudor Temptations F |Parent : 352] - (.Adobe - Adobe® Flash® Player Utility.) - (32.0.0.171) = C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe 15132 | [Owner : Roudor Temptations F |Parent : 352] - (.Microsoft Corporation - Hôte Microsoft WWA.) - (10.0.16299.15) = C:\Windows\System32\WWAHost.exe 12584 | [Owner : Roudor Temptations F |Parent : 352] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe 13516 | [Owner : Roudor Temptations F |Parent : 352] - (. - .) - (8.54.0.85) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.54.85.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe 12492 | [Owner : Roudor Temptations F |Parent : 2504] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.16299.15) = C:\Windows\System32\taskhostw.exe 13480 | [Owner : Roudor Temptations F |Parent : 10456] - (.Microsoft Corporation - Bloc-notes.) 
- (10.0.16299.15) = C:\Windows\System32\notepad.exe 5400 | [Owner : Roudor Temptations F |Parent : 10456] - (.Microsoft Corporation - Bloc-notes.) - (10.0.16299.15) = C:\Windows\System32\notepad.exe 3420 | [Owner : Roudor Temptations F |Parent : 352] - (.Microsoft Corporation - Store.) - (11911.1001.8.0) = C:\Program Files\WindowsApps\Microsoft.WindowsStore_11911.1001.8.0_x64__8wekyb3d8bbwe\WinStore.App.exe 4460 | [Owner : Roudor Temptations F |Parent : 352] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe 12444 | [Owner : Roudor Temptations F |Parent : 352] - (.Microsoft Corporation - Hôte Microsoft WWA.) - (10.0.16299.15) = C:\Windows\System32\WWAHost.exe 16248 | [Owner : Roudor Temptations F |Parent : 352] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe 11900 | [Owner : Roudor Temptations F |Parent : 352] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.16299.15) = C:\Windows\System32\SettingSyncHost.exe 3936 | [Owner : Roudor Temptations F |Parent : 13248] - (.Opera Software - Opera Internet Browser.) - (51.0.2830.40) = C:\Users\Roudor Temptations F.DESKTOP-98P8SR4\AppData\Local\Programs\Opera\51.0.2830.40\opera.exe 6968 | [Owner : Roudor Temptations F |Parent : 3936] - (.Opera Software - Opera crash-reporter.) - (51.0.2830.40) = C:\Users\Roudor Temptations F.DESKTOP-98P8SR4\AppData\Local\Programs\Opera\51.0.2830.40\opera_crashreporter.exe 16236 | [Owner : Roudor Temptations F |Parent : 3936] - (.Opera Software - Opera Internet Browser.) - (51.0.2830.40) = C:\Users\Roudor Temptations F.DESKTOP-98P8SR4\AppData\Local\Programs\Opera\51.0.2830.40\opera.exe 17896 | [Owner : Roudor Temptations F |Parent : 3936] - (.Opera Software - Opera Internet Browser.) 
- (51.0.2830.40) = C:\Users\Roudor Temptations F.DESKTOP-98P8SR4\AppData\Local\Programs\Opera\51.0.2830.40\opera.exe 11120 | [Owner : Roudor Temptations F |Parent : 3936] - (.Opera Software - Opera Internet Browser.) - (51.0.2830.40) = C:\Users\Roudor Temptations F.DESKTOP-98P8SR4\AppData\Local\Programs\Opera\51.0.2830.40\opera.exe 7148 | [Owner : Roudor Temptations F |Parent : 3936] - (.Opera Software - Opera Internet Browser.) - (51.0.2830.40) = C:\Users\Roudor Temptations F.DESKTOP-98P8SR4\AppData\Local\Programs\Opera\51.0.2830.40\opera.exe 14516 | [Owner : Roudor Temptations F |Parent : 3936] - (.Opera Software - Opera Internet Browser.) - (51.0.2830.40) = C:\Users\Roudor Temptations F.DESKTOP-98P8SR4\AppData\Local\Programs\Opera\51.0.2830.40\opera.exe 14188 | [Owner : Roudor Temptations F |Parent : 3936] - (.Opera Software - Opera Internet Browser.) - (51.0.2830.40) = C:\Users\Roudor Temptations F.DESKTOP-98P8SR4\AppData\Local\Programs\Opera\51.0.2830.40\opera.exe 1668 | [Owner : Roudor Temptations F |Parent : 3936] - (.Opera Software - Opera Internet Browser.) - (51.0.2830.40) = C:\Users\Roudor Temptations F.DESKTOP-98P8SR4\AppData\Local\Programs\Opera\51.0.2830.40\opera.exe 12348 | [Owner : Roudor Temptations F |Parent : 3936] - (.Opera Software - Opera Internet Browser.) - (51.0.2830.40) = C:\Users\Roudor Temptations F.DESKTOP-98P8SR4\AppData\Local\Programs\Opera\51.0.2830.40\opera.exe 9976 | [Owner : Roudor Temptations F |Parent : 3936] - (.Opera Software - Opera Internet Browser.) - (51.0.2830.40) = C:\Users\Roudor Temptations F.DESKTOP-98P8SR4\AppData\Local\Programs\Opera\51.0.2830.40\opera.exe 17228 | [Owner : Roudor Temptations F |Parent : 3936] - (.Microsoft Corporation - Interpréteur de commandes Windows.) - (10.0.16299.15) = C:\Windows\SysWOW64\cmd.exe 14564 | [Owner : Roudor Temptations F |Parent : 17228] - (.Microsoft Corporation - Console Window Host.) 
- (10.0.16299.15) = C:\Windows\System32\conhost.exe 18652 | [Owner : dedie |Parent : 7496] - (.Opera Software - Opera Internet Browser.) - (51.0.2830.40) = C:\Users\dedie\AppData\Local\Programs\Opera\51.0.2830.40\opera.exe 12812 | [Owner : dedie |Parent : 18652] - (.Opera Software - Opera crash-reporter.) - (51.0.2830.40) = C:\Users\dedie\AppData\Local\Programs\Opera\51.0.2830.40\opera_crashreporter.exe 1816 | [Owner : dedie |Parent : 18652] - (.Opera Software - Opera Internet Browser.) - (51.0.2830.40) = C:\Users\dedie\AppData\Local\Programs\Opera\51.0.2830.40\opera.exe 19252 | [Owner : dedie |Parent : 18652] - (.Opera Software - Opera Internet Browser.) - (51.0.2830.40) = C:\Users\dedie\AppData\Local\Programs\Opera\51.0.2830.40\opera.exe 13300 | [Owner : dedie |Parent : 18652] - (.Opera Software - Opera Internet Browser.) - (51.0.2830.40) = C:\Users\dedie\AppData\Local\Programs\Opera\51.0.2830.40\opera.exe 14544 | [Owner : dedie |Parent : 18652] - (.Opera Software - Opera Internet Browser.) - (51.0.2830.40) = C:\Users\dedie\AppData\Local\Programs\Opera\51.0.2830.40\opera.exe 13964 | [Owner : dedie |Parent : 18652] - (.Opera Software - Opera Internet Browser.) - (51.0.2830.40) = C:\Users\dedie\AppData\Local\Programs\Opera\51.0.2830.40\opera.exe 6748 | [Owner : Roudor Temptations F |Parent : 10456] - (.Microsoft Corporation - Gestionnaire des tâches.) - (10.0.16299.15) = C:\Windows\System32\Taskmgr.exe 3564 | [Owner : Roudor Temptations F |Parent : 352] - (.Microsoft Corporation - Background Task Host.) - (10.0.16299.15) = C:\Windows\System32\backgroundTaskHost.exe 14468 | [Owner : Roudor Temptations F |Parent : 352] - (.Microsoft Corporation - Windows Defender SmartScreen.) 
- (10.0.16299.15) = C:\Windows\System32\smartscreen.exe ¤¤¤¤¤¤¤¤¤¤ # Winlogon user ¤¤¤¤¤¤¤¤¤¤ # Winlogon machine Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : -> C:\Windows\SYSWOW64\userinit.exe, ¤¤¤¤¤¤¤¤¤¤ # SafeBoot Safeboot Keys are O.K Alternate shell is OK ! ¤¤¤¤¤¤¤¤¤¤ | Winsock ¤¤¤¤¤¤¤¤¤¤ # IFEO ¤¤¤¤¤¤¤¤¤¤ # Mountpoints2 Content of M:\autorun.inf : Content of L:\AUTORUN.INF : ¤¤¤¤¤¤¤¤¤¤ # Windows [HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon ¤¤¤¤¤¤¤¤¤¤ # Security center Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\Windows\System32\ActionCenter.dll ¤¤¤¤¤¤¤¤¤¤ # Services Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2 Repaired 
: [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wwansvc]~[Start] : 2 -> 3 ¤¤¤¤¤¤¤¤¤¤ # Internet Explorer ¤¤¤¤¤¤¤¤¤¤ # reparsepoint ¤¤¤¤¤¤¤¤¤¤ # Offsets ¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry Moved to quarantine successfully : M:\SFTGC(1).exe Moved to quarantine successfully : M:\SFTGC.exe Moved to quarantine successfully : M:\SLLSetup.exe Moved to quarantine successfully : M:\rkill64.exe Moved to quarantine successfully : M:\unins000.exe Moved to quarantine successfully : M:\sih.3.6.0.0.exe Moved to quarantine successfully : M:\pre-scan_V9_18.10.19.1.exe Moved to quarantine successfully : M:\pre-scan_V9_18.10.19.1(1).exe Moved to quarantine successfully : M:\regcure_3-0-3_en_135180.exe Moved to quarantine successfully : M:\SPMSchedule.exe Moved to quarantine successfully : L:\SegurazoSetup.exe Moved to quarantine successfully : K:\360TS_Setup_10.6.0.1238.exe Moved to quarantine successfully : K:\babylon_10.3_0404716378.exe Moved to quarantine successfully : K:\BCUninstaller_4.15_setup.exe Moved to quarantine successfully : K:\DriverPack_17.10.14-19093_Network (1).exe Moved to quarantine successfully : K:\FULL-DISKfighter_web.exe Moved to quarantine successfully : K:\HijackThis.exe Moved to quarantine successfully : K:\kprm_1.13.2.exe Moved to quarantine successfully : K:\kprm_1.17.exe Moved to quarantine successfully : K:\montest.exe Moved to quarantine successfully : K:\osf.exe Moved to quarantine successfully : K:\OTM.exe Moved to quarantine successfully : K:\pc-repair-kit-setup.exe Moved to quarantine 
successfully : K:\quickdiag_V5_14.10.19.2.exe Moved to quarantine successfully : K:\remediate-vbs-worm_8.0.0.exe Moved to quarantine successfully : K:\Restoro.exe Moved to quarantine successfully : K:\RevoUninProSetup.exe Moved to quarantine successfully : K:\TechToolStore.exe Moved to quarantine successfully : K:\tenorshare-ios-ads-remover.exe Moved to quarantine successfully : K:\TFC.exe Moved to quarantine successfully : K:\UltraAdwareKiller.exe Moved to quarantine successfully : K:\usb-to-cloud-installer.exe Moved to quarantine successfully : K:\wd_apps_wdet_setup_4rem_sib.exe Moved to quarantine successfully : K:\webblock.exe Moved to quarantine successfully : K:\wubi-12-04-en-win.exe Moved to quarantine successfully : I:\OTL.exe Moved to quarantine successfully : I:\mbam-setup-downloaded.exe Moved to quarantine successfully : I:\fbsetup-full.exe Moved to quarantine successfully : I:\LikeNEWPCSetup.exe Moved to quarantine successfully : I:\avremover_nt64_enu.exe Moved to quarantine successfully : I:\CTR.exe Moved to quarantine successfully : I:\delfix_1.013.exe Moved to quarantine successfully : I:\kprm_1.16.exe Moved to quarantine successfully : I:\kprm_1.16 (1).exe Moved to quarantine successfully : I:\dapsetup.exe Moved to quarantine successfully : I:\GPU-Z.2.26.0.exe Moved to quarantine successfully : I:\cpu-z_1.90-en.exe Moved to quarantine successfully : I:\lfs_hyper_anti-jjad_base_setup_sib.exe Moved to quarantine successfully : I:\LFS_Hyper-ANTI-JJAD_Setup_&_Recovery_Basics_2_sib.exe Moved to quarantine successfully : H:\HijackThis.exe Moved to quarantine successfully : H:\wd_apps_wdet_setup_4rem_sib.exe Moved to quarantine successfully : H:\babylon_10.3_0404716378.exe Moved to quarantine successfully : H:\quickdiag_V5_14.10.19.2.exe Moved to quarantine successfully : H:\SFTGC.exe Moved to quarantine successfully : F:\UltraAdwareKiller64.exe Moved to quarantine successfully : F:\SFTGC.exe Moved to quarantine successfully : F:\MBSetupBETA.exe Moved to 
quarantine successfully : F:\UltraAdwareKiller.exe Moved to quarantine successfully : F:\webblock.exe Moved to quarantine successfully : F:\HijackThis.exe Moved to quarantine successfully : F:\BCUninstaller_4.15_setup.exe Moved to quarantine successfully : F:\TFC.exe Moved to quarantine successfully : F:\RevoUninProSetup.exe Moved to quarantine successfully : F:\kprm_1.17.exe Moved to quarantine successfully : F:\Restoro.exe Moved to quarantine successfully : F:\Process_Analyzer.exe Moved to quarantine successfully : F:\pc-repair-kit-setup.exe Moved to quarantine successfully : F:\montest.exe Moved to quarantine successfully : F:\osf.exe Moved to quarantine successfully : F:\DriverPack_17.10.14-19093_Network (1).exe Moved to quarantine successfully : F:\TechToolStore.exe Moved to quarantine successfully : F:\wubi-12-04-en-win.exe Moved to quarantine successfully : F:\OTM.exe Moved to quarantine successfully : F:\BitlordSetup_VOHWxV_3126789735.exe Moved to quarantine successfully : F:\usb-to-cloud-installer.exe Moved to quarantine successfully : F:\FULL-DISKfighter_web.exe Moved to quarantine successfully : E:\HijackThis.exe Moved to quarantine successfully : E:\SFTGC(1).exe Moved to quarantine successfully : E:\SFTGC.exe Moved to quarantine successfully : E:\tenorshare-ios-ads-remover.exe Moved to quarantine successfully : D:\SFTGC.exe Moved to quarantine successfully : C:\bootTel.dat Moved to quarantine successfully : M:\unins000.dat Moved to quarantine successfully : M:\sqlite3.dll Moved to quarantine successfully : I:\UltraAdwareKiller - Raccourci.lnk Moved to quarantine successfully : I:\UltraAdwareKiller64 - Raccourci.lnk Moved to quarantine successfully : I:\UVKPortable - Raccourci.lnk Moved to quarantine successfully : I:\ComIntRep_x64 - Raccourci.lnk Moved to quarantine successfully : I:\Booking.lnk Moved to quarantine successfully : I:\iOS Toolkit.lnk Moved to quarantine successfully : I:\Firefox.lnk Moved to quarantine successfully : I:\DriverDoc.lnk 
Moved to quarantine successfully : I:\Registry First Aid 11.lnk Moved to quarantine successfully : I:\CPUID CPU-Z.lnk Moved to quarantine successfully : I:\Main Box.lnk Moved to quarantine successfully : K:\msdownld.tmp Moved to quarantine successfully : E:\msdownld.tmp Moved to quarantine successfully : I:\g3n.ico Moved to quarantine successfully : I:\Monster.ico ¤¤¤¤¤¤¤¤¤¤ # ADS ¤¤¤¤¤¤¤¤¤¤ # Prefetch cleaned D:\ : Vaccinated (Vaccin created by Usbfix) E:\ : Impossible to vaccinate F:\ : Vaccinated (Vaccin created by Usbfix) H:\ : Vaccinated (Vaccin created by Usbfix) I:\ : Vaccinated (Vaccin created by Pre_Scan) ¤¤¤¤¤¤¤¤¤¤ | Hidden files