¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V9_23.11.19.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 18:04:30 01/20/2020
Updated 23/11/2019 | 14:40 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[jean- (Administrator)] - [DESKTOP-37KC94K]
SID = S-1-5-21-4265624635-2019933758-61733912-1001
Boot: Normal boot
System : Windows 10 Home (64 bits) Core
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius
Memory
RAM = Total (MB) : 3748 | Free (MB) : 1356
Pagefile = Total (MB) : 6297 | Free (MB) : 4193
Virtual = Total (MB) : 4194 | Free (MB) : 3858

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

¤¤¤¤¤¤¤¤¤¤¤ # Drives
T:\-> [Fixed] | [ZALMAN] | Total : 931.47 Go | Free : 914.28 Go -> NTFS [USB]
F:\-> [CDROM] | [Recovery13] | Total : 4.04 Go | Free : 0 Go -> UDF [SATA]
C:\-> [Fixed] | [OS] | Total : 488.66 Go | Free : 150.43 Go -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates
Windows Is Activated

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\WINDOWS\system32\config\systemprofile
C:\WINDOWS\ServiceProfiles\LocalService
C:\WINDOWS\ServiceProfiles\NetworkService
C:\Users\jean-
C:\Users\MSSQL$ADK
Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [20.01.2020 @ 17_39_48])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.19536.1000 (© Microsoft Corporation.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 32.0.0.293

¤¤¤¤¤¤¤¤¤¤ # Security
AS : Windows Defender Enabled
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
1440 | [Owner : |Parent : 764] - (.Code Sector - TeraCopy Service.) - (3.0.0.0) = C:\Program Files\TeraCopy\TeraCopyService.exe
2700 | [Owner : |Parent : 764] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.19536.1000) = C:\Windows\System32\spoolsv.exe
2912 | [Owner : Système |Parent : 764] - (.Byte Technologies LLC - ByteFence Anti-Malware.) - (5.5.0.2) = C:\Program Files\ByteFence\ByteFenceService.exe
3024 | [Owner : LogonSessionId_0_183158 |Parent : 764] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.9135) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
3180 | [Owner : Système |Parent : 764] - (.Byte Technologies LLC. - ByteFence Real-time Protection Service.) - (1.2.0.0) = C:\Program Files\ByteFence\rtop\bin\rtop_svc.exe
3236 | [Owner : |Parent : 764] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.1911.3) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
3276 | [Owner : Système |Parent : 764] - (.Corel Corporation - WinZip Smart Monitor Service.) - (2.11.1.8) = C:\Program Files\WinZip Smart Monitor\WinZip Smart Monitor Service.exe
3420 | [Owner : SERVICE LOCAL |Parent : 2944] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.19536.1000) = C:\Windows\System32\dasHost.exe
1068 | [Owner : jean- |Parent : 1960] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.19536.1000) = C:\Windows\System32\sihost.exe
1556 | [Owner : jean- |Parent : 764] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19536.1000) = C:\Windows\System32\svchost.exe
1728 | [Owner : jean- |Parent : 764] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19536.1000) = C:\Windows\System32\svchost.exe
2172 | [Owner : jean- |Parent : 3180] - (.Byte Technologies LLC. - ByteFence Real-time Protection Background Process.) - (1.2.0.0) = C:\Program Files\ByteFence\rtop\bin\rtop_bg.exe
2352 | [Owner : jean- |Parent : 1532] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.19536.1000) = C:\Windows\System32\taskhostw.exe
5172 | [Owner : jean- |Parent : 1252] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.19536.1000) = C:\Windows\explorer.exe
5448 | [Owner : jean- |Parent : 2364] - (.Microsoft Corporation - Accessibilité au Clavier visuel.) - (10.0.19536.1000) = C:\Windows\System32\osk.exe
5696 | [Owner : jean- |Parent : 5644] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.19536.1000) = C:\Windows\System32\ctfmon.exe
5936 | [Owner : jean- |Parent : 764] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19536.1000) = C:\Windows\System32\svchost.exe
1456 | [Owner : jean- |Parent : 3276] - (.Corel Corporation - WinZip Smart Monitor.) - (2.11.1.8) = C:\Program Files\WinZip Smart Monitor\WinZipSmartMonitor.exe
668 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - .) - (1911.2500.0.0) = C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
3096 | [Owner : jean- |Parent : 968] - (. - .) - (0.0.0.0) = C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1152 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19536.1000) = C:\Windows\System32\RuntimeBroker.exe
6396 | [Owner : LogonSessionId_0_1001687 |Parent : 764] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.19536.1000) = C:\Windows\System32\SearchIndexer.exe
6412 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19536.1000) = C:\Windows\System32\RuntimeBroker.exe
6928 | [Owner : jean- |Parent : 968] - (. - .) - (1.19122.89.0) = C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19122.89.0_x64__8wekyb3d8bbwe\YourPhone.exe
5540 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.19536.1000) = C:\Windows\System32\SettingSyncHost.exe
6040 | [Owner : jean- |Parent : 5172] - (.Microsoft Corporation - Windows Security notification icon.) - (10.0.19536.1000) = C:\Windows\System32\SecurityHealthSystray.exe
5564 | [Owner : jean- |Parent : 5172] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.1129) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
7224 | [Owner : |Parent : 764] - (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthService.exe
7312 | [Owner : jean- |Parent : 5172] - (.Web Bar Media - App.) - (5.6.6830.25570) = C:\Program Files\WebBarMedia\5.6.6830.25570\winwb.exe
7744 | [Owner : jean- |Parent : 5172] - (.Microsoft Corporation - Internet Explorer.) - (11.0.19536.1000) = C:\Program Files\Internet Explorer\iexplore.exe
7880 | [Owner : jean- |Parent : 764] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19536.1000) = C:\Windows\System32\svchost.exe
1640 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - Search application.) - (10.0.19536.1000) = C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
5460 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19536.1000) = C:\Windows\System32\RuntimeBroker.exe
6616 | [Owner : jean- |Parent : 7744] - (.Microsoft Corporation - Internet Explorer.) - (11.0.19536.1000) = C:\Program Files (x86)\Internet Explorer\iexplore.exe
5832 | [Owner : |Parent : 764] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.19536.1000) = C:\Windows\System32\SgrmBroker.exe
5348 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19536.1000) = C:\Windows\System32\RuntimeBroker.exe
7760 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.19536.1000) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
6332 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19536.1000) = C:\Windows\System32\RuntimeBroker.exe
2672 | [Owner : jean- |Parent : 2132] - (.Corel Corporation - Tray notification helper.) - (1.11.0.6) = C:\Program Files\WinZip Registry Optimizer\RONotifier.exe
3016 | [Owner : jean- |Parent : 2672] - (.Corel Corporation - Tray notification helper.) - (1.11.0.6) = C:\Program Files\WinZip Registry Optimizer\RONotifier.exe
7992 | [Owner : Système |Parent : 3236] - (.Microsoft Corporation - Antimalware Service Executable Content Process.) - (1.1.16627.0) = C:\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe
2468 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - Application Frame Host.) - (10.0.19536.1000) = C:\Windows\System32\ApplicationFrameHost.exe
8212 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - Browser_Broker.) - (11.0.19536.1000) = C:\Windows\System32\browser_broker.exe
8800 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19536.1000) = C:\Windows\System32\RuntimeBroker.exe
5584 | [Owner : jean- |Parent : 8800] - (.Microsoft Corporation - Microsoft Edge Web Platform.) - (11.0.19536.1000) = C:\Windows\System32\MicrosoftEdgeSH.exe
7740 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19536.1000) = C:\Windows\System32\RuntimeBroker.exe
5864 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.19536.1000) = C:\Windows\explorer.exe
5408 | [Owner : SERVICE LOCAL |Parent : 764] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.19536.1000) = C:\Windows\System32\WUDFHost.exe
1072 | [Owner : Système |Parent : 5480] - (. - Umonit MFC Application.) - (15.0.0.9) = C:\Windows\SysWOW64\UMonit.exe
7628 | [Owner : jean- |Parent : 4408] - (.voidtools - Everything.) - (1.4.1.935) = C:\Program Files\Everything\Everything.exe
7024 | [Owner : jean- |Parent : 7628] - (.voidtools - Everything.) - (1.4.1.935) = C:\Program Files\Everything\Everything.exe
3428 | [Owner : jean- |Parent : 3432] - (.IObit - IObitUnlocker.) - (1.4.1.26) = C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.exe
9048 | [Owner : jean- |Parent : 5864] - (. - .) - (0.0.0.0) = C:\Users\jean-\AppData\Local\Temp\Temp1_unlocker-1-9-2.zip\Unlocker1.9.2.exe
4584 | [Owner : jean- |Parent : 7024] - (.IObit - IObitUnlocker.) - (1.4.1.26) = C:\Program Files (x86)\IObit\IObit Unlocker\IObitUnlocker.exe
2084 | [Owner : jean- |Parent : 5172] - (.Microsoft Corporation - Application Windows Wordpad.) - (10.0.19536.1000) = C:\Program Files\Windows NT\Accessories\wordpad.exe
4700 | [Owner : jean- |Parent : 764] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19536.1000) = C:\Windows\System32\svchost.exe
1572 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - Background Task Host.) - (10.0.19536.1000) = C:\Windows\System32\backgroundTaskHost.exe
8768 | [Owner : jean- |Parent : 6264] - (.IObit - UninstallerMonitor.) - (9.2.0.6) = C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
5192 | [Owner : jean- |Parent : 7924] - (.Reincubate Ltd - iPhone Backup Extractor.) - (7.7.11.2534) = C:\Users\jean-\AppData\Roaming\Reincubate\iPhone Backup Extractor\iPhoneBackupExtractor-2534.exe
6356 | [Owner : Système |Parent : 7504] - (.Microsoft Corporation - Microsoft Compatibility Telemetry.) - (10.0.19536.1000) = C:\Windows\System32\CompatTelRunner.exe
1172 | [Owner : Système |Parent : 6356] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.19536.1000) = C:\Windows\System32\conhost.exe
7544 | [Owner : jean- |Parent : 4000] - (.IObit - Uninstall Programs.) - (9.2.0.16) = C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
4776 | [Owner : jean- |Parent : 7312] - (.DigiDNA - iMazing Setup .) - (2.10.6.0) = C:\Users\jean-\Downloads\iMazing2forWindows.exe
6808 | [Owner : jean- |Parent : 4776] - (. - Setup/Uninstall.) - (51.1052.0.0) = C:\Users\jean-\AppData\Local\Temp\is-R42O0.tmp\iMazing2forWindows.tmp
7580 | [Owner : jean- |Parent : 6808] - (.DigiDNA - iMazing Setup .) - (2.10.6.0) = C:\Users\jean-\Downloads\iMazing2forWindows.exe
1308 | [Owner : jean- |Parent : 7580] - (. - Setup/Uninstall.) - (51.1052.0.0) = C:\Users\jean-\AppData\Local\Temp\is-OK5N8.tmp\iMazing2forWindows.tmp
7916 | [Owner : jean- |Parent : 228] - (.IObit - Advanced SystemCare.) - (13.2.0.219) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
5608 | [Owner : jean- |Parent : 228] - (.IObit - Performance Monitor.) - (13.2.0.195) = C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
6528 | [Owner : Système |Parent : 764] - (.IObit - Advanced SystemCare Service.) - (13.0.0.161) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
2392 | [Owner : jean- |Parent : 7916] - (.IObit - Advanced SystemCare Tray.) - (13.0.0.760) = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
6692 | [Owner : jean- |Parent : 6572] - (.IObit - Driver Booster.) - (7.2.0.580) = C:\Program Files (x86)\IObit\Driver Booster\7.2.0\DriverBooster.exe
6192 | [Owner : jean- |Parent : 4820] - (.WebDiscover Media - WebDiscover Browser.) - (4.32.2.0) = C:\Program Files\WebDiscoverBrowser\4.32.2\browser.exe
4040 | [Owner : jean- |Parent : 6192] - (.WebDiscover Media - WebDiscover Browser.) - (4.32.2.0) = C:\Program Files\WebDiscoverBrowser\4.32.2\browser.exe
8788 | [Owner : jean- |Parent : 4040] - (.WebDiscover Media - WebDiscover Browser.) - (4.32.2.0) = C:\Program Files\WebDiscoverBrowser\4.32.2\browser.exe
9916 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - Background Task Host.) - (10.0.19536.1000) = C:\Windows\System32\backgroundTaskHost.exe
9428 | [Owner : jean- |Parent : 6192] - (.WebDiscover Media - WebDiscover Browser.) - (4.32.2.0) = C:\Program Files\WebDiscoverBrowser\4.32.2\browser.exe
8708 | [Owner : jean- |Parent : 1532] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.19536.1000) = C:\Windows\System32\taskhostw.exe
9440 | [Owner : Système |Parent : 764] - (.Apple Inc. - Bonjour Service.) - (3.1.0.1) = C:\Program Files\Bonjour\mDNSResponder.exe
4800 | [Owner : Système |Parent : 764] - (.Apple Inc. - MobileDeviceService.) - (474.0.2.4) = C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2356 | [Owner : SERVICE LOCAL |Parent : 764] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.19536.1000) = C:\Windows\System32\WUDFHost.exe
5076 | [Owner : jean- |Parent : 7500] - (.Systweak Software - Advanced System Optimizer.) - (3.9.3645.17962) = C:\Program Files (x86)\Advanced System Optimizer 3\ASO3.exe
2668 | [Owner : jean- |Parent : 3560] - (.Byte Technologies LLC - ByteFence Anti-Malware.) - (5.5.0.2) = C:\Program Files\ByteFence\ByteFence.exe
7656 | [Owner : jean- |Parent : 6192] - (.WebDiscover Media - WebDiscover Browser.) - (4.32.2.0) = C:\Program Files\WebDiscoverBrowser\4.32.2\browser.exe
9852 | [Owner : Système |Parent : 764] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe
10108 | [Owner : Système |Parent : 9852] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe
10288 | [Owner : jean- |Parent : 9856] - (.Systweak Software - Advanced System Protector.) - (2.3.1000.25195) = C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
8072 | [Owner : jean- |Parent : 968] - (.Adobe - Adobe® Flash® Player Utility.) - (32.0.0.293) = C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
10712 | [Owner : Système |Parent : 764] - (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
5904 | [Owner : jean- |Parent : 2668] - (.Reason Software Company Inc. - Reason Security Engine Helper.) - (3.0.0.22) = C:\Program Files\ByteFence\rsEngineHelper.exe
8564 | [Owner : jean- |Parent : 5904] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.19536.1000) = C:\Windows\System32\conhost.exe
11160 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - Windows Defender application.) - (10.0.19536.1000) = C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
10468 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - Paramètres.) - (10.0.19536.1000) = C:\Windows\ImmersiveControlPanel\SystemSettings.exe
288 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthHost.exe
11392 | [Owner : jean- |Parent : 968] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthHost.exe
11760 | [Owner : Système |Parent : 3236] - (.Microsoft Corporation - Antimalware Service Executable Content Process.) - (1.1.16627.0) = C:\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ | Winsock

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 1 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4265624635-2019933758-61733912-1001\$I0LYXTP.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4265624635-2019933758-61733912-1001\$IB7CXD3.exe_987b39931390989458df7b9aa89c691db96ce7fb_194af0dd_d9f76d4c-84f9-4c9f-97cf-28102a8e9c3b
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4265624635-2019933758-61733912-1001\$IFIAZFF.exe_cefb889f2a9718fb84c79913bfd099588692cff5_59cec2dc_cab_5d1b9497-8090-4736-87ae-cebc89dde221
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4265624635-2019933758-61733912-1001\$IG6Q3QP.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4265624635-2019933758-61733912-1001\$INQ8Z16.exe_987b39931390989458df7b9aa89c691db96ce7fb_194af0dd_aa547102-9b6d-4ad0-829d-245c69db94c5
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4265624635-2019933758-61733912-1001\$IO3BFOV.exe_987b39931390989458df7b9aa89c691db96ce7fb_194af0dd_61f18261-9160-4d06-8c16-15d90d2828c0
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4265624635-2019933758-61733912-1001\$IOG7L34.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4265624635-2019933758-61733912-1001\$ISY53II.exe_dc83ed71d4bb8698ae3f80369ca26c7111ea57d2_a54eaef3_eeca619b-a6fd-46c4-9728-cb5f94d52c12
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4265624635-2019933758-61733912-1001\$R0LYXTP.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4265624635-2019933758-61733912-1001\$RG6Q3QP.exe
Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-4265624635-2019933758-61733912-1001\$ROG7L34.exe
Deleted : HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\undefined
Deleted : HKLM\Software\Nico Mak Computing
Moved to quarantine successfully : C:\WINDOWS\Tasks\ASO-AutoCheckUpdate7Days.job
Moved to quarantine successfully : C:\WINDOWS\Tasks\Duplicate Files FixerNotifier.job
Deleted : [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]~[WebDefence] : C:\Program Files\WebDefence\1.11.0\webdefence.exe
Moved to quarantine successfully : C:\Users\Public\Desktop\WinZip Registry Optimizer.lnk
Moved to quarantine successfully : C:\34fed7c1-35a0-4f5d-83ef-950dafc9a684.exe
Will be moved in quarantine at reboot : C:\DumpStack.log.tmp
Will be moved in quarantine at reboot : C:\DumpStack.log.tmp

¤¤¤¤¤¤¤¤¤¤ # ADS

¤¤¤¤¤¤¤¤¤¤ # Prefetch cleaned
T:\ : Impossible to vaccinate

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive C:] : Hidden : 3 | Restored : 2
~ [Program Files] : Hidden : 31 | Restored : 31
~ [Windows] : Hidden : 11 | Restored : 10
~ [AppData] : Hidden : 2 | Restored : 2

End : 19:48:30
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤