¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V9_18.10.19.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 19:50:05 03/19/2020 Updated 18/10/2019 | 07:30 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html [antifondance uc ben (Administrator)] - [DESKTOP-MDI4L2G] SID = S-1-5-21-2163790060-3600090983-2216015307-1001 Boot: Normal boot System : Windows 10 Home (64 bits) Core ProcessorNameString : Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz Identifier : Intel64 Family 6 Model 142 Stepping 9 CoreTemp : 29.8 Celsius - Max : 99 Celsius Memory RAM = Total (MB) : 4094 | Free (MB) : 1305 Pagefile = Total (MB) : 5793 | Free (MB) : 2392 Virtual = Total (MB) : 4194 | Free (MB) : 3945 ¤¤¤¤¤¤¤¤¤¤ # Components of starting up ¤¤¤¤¤¤¤¤¤¤¤ # Drives L:\ -> [Removable] | [SANDISK CON] | Total : 183.32 Go | Free : 0 Go -> exFAT [USB] K:\ -> [Removable] | [] | Total : 14.91 Go | Free : 0.02 Go -> FAT32 [USB] J:\ -> [Removable] | [FRAMA SALIX] | Total : 14.54 Go | Free : 0.32 Go -> FAT32 [USB] I:\ -> [Removable] | [400 Go micr] | Total : 366.76 Go | Free : 6.42 Go -> exFAT [USB] F:\ -> [Fixed] | [VERBATIM HD] | Total : 7451.91 Go | Free : 2873.11 Go -> NTFS [USB] E:\ -> [Fixed] | [] | Total : 0.06 Go | Free : 0 Go -> NTFS (SSD) [SATA] D:\ -> [Fixed] | [] | Total : 0.08 Go | Free : 0.01 Go -> NTFS (SSD) [SATA] C:\ -> [Fixed] | [] | Total : 107.07 Go | Free : 8.76 Go -> NTFS (SSD) [SATA] ¤¤¤¤¤¤¤¤¤¤ # Windows updates Windows Is Activated ¤¤¤¤¤¤¤¤¤¤ # Sessions C:\WINDOWS\system32\config\systemprofile C:\WINDOWS\ServiceProfiles\LocalService C:\WINDOWS\ServiceProfiles\NetworkService C:\Users\antifondance uc ben Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [19.03.2020 @ 19_45_36]) To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore ¤¤¤¤¤¤¤¤¤¤ # 
Browsers IE : 11.0.18362.1 (© Microsoft Corporation. Tous droits réservés.) GC : 80.0.3987.149 (Copyright 2019 Google LLC. All rights reserved.) ¤¤¤¤¤¤¤¤¤¤ # FlashPlayer ActiveX : 32.0.0.330 Plugin : 32.0.0.344 ¤¤¤¤¤¤¤¤¤¤ # Security AS : Windows Defender Enabled FW : WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Auto(2)] = Running FW: Windows FireWall Service [Auto(2)] = Running ¤¤¤¤¤¤¤¤¤¤ # Stopped processes 2536 | [Owner : |Parent : 924] - (.Code Sector - TeraCopy Service.) - (3.0.0.0) = C:\Program Files\TeraCopy\TeraCopyService.exe 2808 | [Owner : |Parent : 924] - (. - .) - (0.0.0.0) = C:\Windows\System32\PanelManagerSvc.exe 2824 | [Owner : |Parent : 924] - (. - SafiService.) - (1.0.0.7) = C:\Windows\System32\DriverStore\FileRepository\safidrv.inf_amd64_0e89535d35916282\SafiService.exe 2852 | [Owner : |Parent : 924] - (. - SamsungPenService.) - (1.0.33.0) = C:\Program Files (x86)\Samsung\Air Command\SamsungPenService.exe 3804 | [Owner : |Parent : 924] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4599) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\igfxCUIService.exe 4888 | [Owner : |Parent : 924] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.18362.476) = C:\Windows\System32\spoolsv.exe 4116 | [Owner : Système |Parent : 924] - (.Windows (R) Win 7 DDK provider - Windows Setup API.) - (10.0.10011.16384) = C:\Windows\System32\drivers\AdminService.exe 4008 | [Owner : Système |Parent : 924] - (.Intel Corporation - IntelCpHDCPSvc Executable.) - (1.0.0.1) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\IntelCpHDCPSvc.exe 3368 | [Owner : Système |Parent : 924] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework.) - (8.2.11002.3418) = C:\Windows\System32\Intel\DPTF\esif_uf.exe 5148 | [Owner : Système |Parent : 924] - (.Samsung Electronics - GripResetService.) 
- (1.0.0.6) = C:\Windows\System32\GripResetService.exe 5320 | [Owner : Système |Parent : 924] - (.Samsung Electronics Co., Ltd. - SamsungSystemService.) - (1.0.48.0) = C:\Program Files (x86)\Samsung\Samsung System Agent\SamsungSystemService.exe 5344 | [Owner : Système |Parent : 924] - (.Ceramiche Ariostea - .) - (1.0.0.0) = C:\Program Files (x86)\PW2\Update.exe 5432 | [Owner : Système |Parent : 924] - (.CrypKey (Canada) Ltd. - CrypKey License Service.) - (1.1.0.2) = C:\Windows\System32\Crypserv.exe 5504 | [Owner : Système |Parent : 924] - (.Intel Corporation - IntelCpHeciSvc Executable.) - (9.0.2.117) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\IntelCpHeciSvc.exe 5572 | [Owner : |Parent : 924] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.2001.10) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.10-0\MsMpEng.exe 5608 | [Owner : Système |Parent : 924] - (.Copyright 2018. - Advanced Malware Protection.) - (2.74.0.664) = C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe 7760 | [Owner : antifondance uc ben |Parent : 2808] - (. - PanelManager.) - (1.0.9.0) = C:\Program Files\Samsung\PanelManager\PanelManager.exe 7800 | [Owner : antifondance uc ben |Parent : 3368] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework Utility Application.) - (8.2.11002.3418) = C:\Windows\Temp\DPTF\esif_assist_64.exe 7860 | [Owner : antifondance uc ben |Parent : 3452] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.18362.1) = C:\Windows\System32\sihost.exe 7896 | [Owner : antifondance uc ben |Parent : 2824] - (. - SafiAgent.) - (1.0.0.7) = C:\Windows\System32\DriverStore\FileRepository\safidrv.inf_amd64_0e89535d35916282\SafiAgent.exe 7944 | [Owner : antifondance uc ben |Parent : 924] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe 7972 | [Owner : antifondance uc ben |Parent : 5320] - (.Samsung Electronics Co., Ltd. - SamsungSystemAgent.) - (1.0.48.0) = C:\Program Files (x86)\Samsung\Samsung System Agent\SamsungSystemAgent.exe 8120 | [Owner : LogonSessionId_0_595456 |Parent : 924] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.9135) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe 8172 | [Owner : antifondance uc ben |Parent : 924] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe 4172 | [Owner : antifondance uc ben |Parent : 2448] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.18362.387) = C:\Windows\System32\taskhostw.exe 8328 | [Owner : antifondance uc ben |Parent : 924] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe 8980 | [Owner : antifondance uc ben |Parent : 8504] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4599) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\igfxEM.exe 8604 | [Owner : LogonSessionId_0_757383 |Parent : 924] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.18362.719) = C:\Windows\System32\SearchIndexer.exe 7292 | [Owner : antifondance uc ben |Parent : 8] - (.Intel Corporation - igfxext Module.) - (6.15.10.4599) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\igfxext.exe 10008 | [Owner : antifondance uc ben |Parent : 8] - (. - .) - (8.56.0.102) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe 10084 | [Owner : antifondance uc ben |Parent : 2280] - (.Microsoft Corporation - Chargeur CTF.) 
- (10.0.18362.1) = C:\Windows\System32\ctfmon.exe 10120 | [Owner : antifondance uc ben |Parent : 2280] - (.Microsoft Corporation - Clavier tactile et volet d’écriture manuscrite.) - (10.0.18362.1) = C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe 10172 | [Owner : antifondance uc ben |Parent : 8] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.18362.239) = C:\Windows\System32\SettingSyncHost.exe 9888 | [Owner : antifondance uc ben |Parent : 4816] - (.Samsung Electronics Co., Ltd. - Samsung OSD.) - (1.0.11.0) = C:\Program Files\Samsung\SamsungOSD\OSD.exe 9392 | [Owner : antifondance uc ben |Parent : 4816] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.1109) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 8716 | [Owner : antifondance uc ben |Parent : 2468] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.7) = C:\Program Files\Realtek\Audio\HDA\EP64.exe 1416 | [Owner : antifondance uc ben |Parent : 5320] - (.Samsung Electronics Co., Ltd. - SamsungSystemManager.) - (1.0.48.0) = C:\Program Files (x86)\Samsung\Samsung System Agent\SamsungSystemManager.exe 3632 | [Owner : Aucun |Parent : 2448] - (.Samsung Electronics Co., Ltd. - Show Window.) - (1.0.0.30) = C:\Program Files (x86)\Show Window\Show Window.exe 8284 | [Owner : antifondance uc ben |Parent : 9876] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.241.7) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe 9896 | [Owner : Système |Parent : 924] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (11.7.0.1052) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 68 | [Owner : |Parent : 924] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.18362.1) = C:\Windows\System32\SgrmBroker.exe 3460 | [Owner : Système |Parent : 924] - (.Samsung Electronics Co., Ltd. - WLAN SAR Service.) 
- (1.0.0.7) = C:\Windows\System32\WlSarService.exe 6824 | [Owner : antifondance uc ben |Parent : 924] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe 7868 | [Owner : Aucun |Parent : 2448] - (.Tweaking.com - Tweaking.com - Windows Repair Tray Icon.) - (4.1.0.0) = C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe 7176 | [Owner : |Parent : 924] - (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1901.16384) = C:\Windows\System32\SecurityHealthService.exe 3092 | [Owner : antifondance uc ben |Parent : 8] - (.Microsoft Corporation - Application Frame Host.) - (10.0.18362.1) = C:\Windows\System32\ApplicationFrameHost.exe 10076 | [Owner : antifondance uc ben |Parent : 4816] - (.Google LLC - Google Chrome.) - (80.0.3987.149) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 9792 | [Owner : antifondance uc ben |Parent : 10076] - (.Google LLC - Google Chrome.) - (80.0.3987.149) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 10148 | [Owner : antifondance uc ben |Parent : 10076] - (.Google LLC - Google Chrome.) - (80.0.3987.149) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 10332 | [Owner : antifondance uc ben |Parent : 10076] - (.Google LLC - Google Chrome.) - (80.0.3987.149) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 10340 | [Owner : antifondance uc ben |Parent : 10076] - (.Google LLC - Google Chrome.) - (80.0.3987.149) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 9808 | [Owner : Aucun |Parent : 4816] - (.Microsoft Corporation - Gestionnaire des tâches.) - (10.0.18362.693) = C:\Windows\System32\Taskmgr.exe 12116 | [Owner : antifondance uc ben |Parent : 8] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1901.16384) = C:\Windows\System32\SecurityHealthHost.exe 8872 | [Owner : Aucun |Parent : 8] - (.Microsoft Corporation - Windows Security Health Host.) 
- (4.18.1901.16384) = C:\Windows\System32\SecurityHealthHost.exe 6612 | [Owner : antifondance uc ben |Parent : 8] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1901.16384) = C:\Windows\System32\SecurityHealthHost.exe 676 | [Owner : Aucun |Parent : 2448] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.18362.387) = C:\Windows\System32\taskhostw.exe 8880 | [Owner : antifondance uc ben |Parent : 8] - (.Microsoft Corporation - Serveur de personnalisation d’entrée.) - (10.0.18362.1) = C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe 11516 | [Owner : antifondance uc ben |Parent : 2448] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.18362.693) = C:\Windows\explorer.exe 4696 | [Owner : antifondance uc ben |Parent : 8] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.18362.693) = C:\Windows\explorer.exe 9448 | [Owner : antifondance uc ben |Parent : 8] - (. - .) - (2019.19041.20110.0) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.20110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 3968 | [Owner : antifondance uc ben |Parent : 11516] - (.Microsoft Corporation - Bloc-notes.) - (10.0.18362.693) = C:\Windows\System32\notepad.exe 12284 | [Owner : antifondance uc ben |Parent : 10076] - (.Google LLC - Google Chrome.) - (80.0.3987.149) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 9324 | [Owner : antifondance uc ben |Parent : 8] - (.Microsoft Corporation - Component Package Support Server.) - (10.0.18362.1) = C:\Windows\System32\CompPkgSrv.exe 6428 | [Owner : antifondance uc ben |Parent : 8] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe 8848 | [Owner : antifondance uc ben |Parent : 11516] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.18362.1) = C:\Windows\System32\rundll32.exe 3264 | [Owner : Aucun |Parent : 1348] - (.RoseCitySoftware - Registry First Aid Agent.) 
- (11.3.0.2585) = C:\Program Files\RFA 11\rfagent64.exe 7144 | [Owner : antifondance uc ben |Parent : 10076] - (.Google LLC - Google Chrome.) - (80.0.3987.149) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 11792 | [Owner : antifondance uc ben |Parent : 20072] - (.Microsoft Corporation - Accessibilité au Clavier visuel.) - (10.0.18362.449) = C:\Windows\System32\osk.exe 11028 | [Owner : antifondance uc ben |Parent : 4696] - (.Ashampoo GmbH & Co. KG - Ashampoo Snap 10.) - (10.1.0.0) = C:\Program Files (x86)\Ashampoo\Ashampoo Snap 10\ashsnap.exe 20144 | [Owner : antifondance uc ben |Parent : 21716] - (.Kakao - PotPlayer.) - (0.0.0.0) = C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe 15308 | [Owner : antifondance uc ben |Parent : 10076] - (.Google LLC - Google Chrome.) - (80.0.3987.149) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 19612 | [Owner : antifondance uc ben |Parent : 10076] - (.Google LLC - Google Chrome.) - (80.0.3987.149) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 20328 | [Owner : antifondance uc ben |Parent : 14172] - (.Mozilla Corporation - Firefox Developer Edition.) - (75.0.0.7381) = C:\Program Files\Firefox Developer Edition\firefox.exe 5092 | [Owner : antifondance uc ben |Parent : 20328] - (.Mozilla Corporation - Firefox Developer Edition.) - (75.0.0.7381) = C:\Program Files\Firefox Developer Edition\firefox.exe 14728 | [Owner : antifondance uc ben |Parent : 20328] - (.Mozilla Corporation - Firefox Developer Edition.) - (75.0.0.7381) = C:\Program Files\Firefox Developer Edition\firefox.exe 13980 | [Owner : antifondance uc ben |Parent : 20328] - (.Mozilla Corporation - Firefox Developer Edition.) - (75.0.0.7381) = C:\Program Files\Firefox Developer Edition\firefox.exe 12312 | [Owner : antifondance uc ben |Parent : 20328] - (.Mozilla Corporation - Firefox Developer Edition.) - (75.0.0.7381) = C:\Program Files\Firefox Developer Edition\firefox.exe 15948 | [Owner : Aucun |Parent : 14172] - (. - .) 
- (3.7.1.0) = C:\Program Files\UCheck\UCheck64.exe 18116 | [Owner : Aucun |Parent : 15948] - (.Oracle Corporation - Java Platform SE binary.) - (8.0.2410.7) = C:\Users\ANTIFO~1\AppData\Local\Temp\as_677D.tmp.exe 13996 | [Owner : Aucun |Parent : 18116] - (.Oracle Corporation - Java Platform SE binary.) - (8.0.2410.7) = C:\Users\ANTIFO~1\AppData\Local\Temp\jds36843781.tmp\as_677D.tmp.exe 19632 | [Owner : LogonSessionId_0_98758272 |Parent : 924] - (.Microsoft Corporation - Installateur Windows®.) - (5.0.18362.1) = C:\Windows\System32\msiexec.exe 2464 | [Owner : Système |Parent : 8604] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.18362.719) = C:\Windows\System32\SearchProtocolHost.exe 9444 | [Owner : Système |Parent : 8604] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.18362.719) = C:\Windows\System32\SearchFilterHost.exe 13012 | [Owner : Système |Parent : 2448] - (.Zemana Ltd. - Advanced Malware Protection.) - (3.0.835.0) = I:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe 4560 | [Owner : Système |Parent : 15544] - (.Oracle Corporation - Java Update Registration.) - (2.8.241.7) = C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe 22404 | [Owner : Système |Parent : 4560] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.18362.1) = C:\Windows\System32\conhost.exe ¤¤¤¤¤¤¤¤¤¤ # Winlogon user ¤¤¤¤¤¤¤¤¤¤ # Winlogon machine Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : C:\WINDOWS\system32\userinit.exe, -> C:\WINDOWS\SYSWOW64\userinit.exe, ¤¤¤¤¤¤¤¤¤¤ # SafeBoot Safeboot Keys are O.K Alternate shell is OK ! 
¤¤¤¤¤¤¤¤¤¤ | Winsock ¤¤¤¤¤¤¤¤¤¤ # IFEO ¤¤¤¤¤¤¤¤¤¤ # Mountpoints2 Content of F:\Autoruns (2).lnk : Content of F:\Autoruns.lnk : # Windows [HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon # Security center Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\WINDOWS\System32\ActionCenter.dll
Pre_Scan | g3n-h@ckm@n | V9_18.10.19.1 XP | Vista | 7 | 8 - 32/64 bits - Start 15:16:01 03/26/2020 Updated 18/10/2019 | 07:30 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html [antifondance uc ben (Administrator)] - [DESKTOP-MDI4L2G] SID = S-1-5-21-2163790060-3600090983-2216015307-1001 Boot: SafeMode with network System : Windows 10 Home (64 bits) Core ProcessorNameString : Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz Identifier : Intel64 Family 6 Model 142 Stepping 9 CoreTemp : 29.8 Celsius - Max : 99 Celsius Memory RAM = Total (MB) : 4094 | Free (MB) : 2230 Pagefile = Total (MB) : 7785 | Free (MB) : 6567 Virtual = 
Total (MB) : 4194 | Free (MB) : 3931 # Components of starting up # Drives O:\ -> [Removable] | [] | Total : 29.28 Go | Free : 0.3 Go -> FAT32 [USB] L:\ -> [Removable] | [FORENS OU C] | Total : 3.86 Go | Free : 1.13 Go -> FAT32 [USB] K:\ -> [Removable] | [] | Total : 29.27 Go | Free : 13.33 Go -> FAT32 [USB] I:\ -> [Removable] | [128Go micro] | Total : 117.02 Go | Free : 0.07 Go -> exFAT [USB] F:\ -> [Removable] | [Windows7Starter32x] | Total : 29.35 Go | Free : 0.52 Go -> NTFS [USB] E:\ -> [Fixed] | [] | Total : 0.06 Go | Free : 0 Go -> NTFS (SSD) [SATA] D:\ -> [Fixed] | [] | Total : 0.08 Go | Free : 0 Go -> NTFS (SSD) [SATA] C:\ -> [Fixed] | [] | Total : 107.07 Go | Free : 5.15 Go -> NTFS (SSD) [SATA] # Windows updates # Sessions C:\WINDOWS\system32\config\systemprofile C:\WINDOWS\ServiceProfiles\LocalService C:\WINDOWS\ServiceProfiles\NetworkService C:\Users\antifondance uc ben Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [26.03.2020 @ 15_12_15]) To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore # Browsers IE : 11.0.18362.1 (© Microsoft Corporation. Tous droits réservés.) FF : 74.0.0.7373 (Firefox and Mozilla Developers; available under the MPL 2 license.) GC : 80.0.3987.149 (Copyright 2019 Google LLC. All rights reserved.) # FlashPlayer ActiveX : 32.0.0.330 Plugin : 32.0.0.344 # Security AV : Windows Defender Enabled AS : Windows Defender Enabled FW : WMI : OK WU: Windows Update Service [Manual(3)] = stopped FW: Windows FireWall Service [Auto(2)] = Running # Stopped processes 2536 | [Owner : |Parent : 924] - (.Code Sector - TeraCopy Service.) - (3.0.0.0) = C:\Program Files\TeraCopy\TeraCopyService.exe 2808 | [Owner : |Parent : 924] - (. - .) - (0.0.0.0) = C:\Windows\System32\PanelManagerSvc.exe 2824 | [Owner : |Parent : 924] - (. - SafiService.) 
- (1.0.0.7) = C:\Windows\System32\DriverStore\FileRepository\safidrv.inf_amd64_0e89535d35916282\SafiService.exe2852 | [Owner : |Parent : 924] - (. - SamsungPenService.) - (1.0.33.0) = C:\Program Files (x86)\Samsung\Air Command\SamsungPenService.exe3804 | [Owner : |Parent : 924] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4599) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\igfxCUIService.exe4888 | [Owner : |Parent : 924] - (.Microsoft Corporation - Application sous-systme spouleur.) - (10.0.18362.476) = C:\Windows\System32\spoolsv.exe4116 | [Owner : Systme |Parent : 924] - (.Windows (R) Win 7 DDK provider - Windows Setup API.) - (10.0.10011.16384) = C:\Windows\System32\drivers\AdminService.exe4008 | [Owner : Systme |Parent : 924] - (.Intel Corporation - IntelCpHDCPSvc Executable.) - (1.0.0.1) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\IntelCpHDCPSvc.exe3368 | [Owner : Systme |Parent : 924] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework.) - (8.2.11002.3418) = C:\Windows\System32\Intel\DPTF\esif_uf.exe5148 | [Owner : Systme |Parent : 924] - (.Samsung Electronics - GripResetService.) - (1.0.0.6) = C:\Windows\System32\GripResetService.exe5320 | [Owner : Systme |Parent : 924] - (.Samsung Electronics Co., Ltd. - SamsungSystemService.) - (1.0.48.0) = C:\Program Files (x86)\Samsung\Samsung System Agent\SamsungSystemService.exe5344 | [Owner : Systme |Parent : 924] - (.Ceramiche Ariostea - .) - (1.0.0.0) = C:\Program Files (x86)\PW2\Update.exe5432 | [Owner : Systme |Parent : 924] - (.CrypKey (Canada) Ltd. - CrypKey License Service.) - (1.1.0.2) = C:\Windows\System32\Crypserv.exe5504 | [Owner : Systme |Parent : 924] - (.Intel Corporation - IntelCpHeciSvc Executable.) 
- (9.0.2.117) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\IntelCpHeciSvc.exe5572 | [Owner : |Parent : 924] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.2001.10) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.10-0\MsMpEng.exe5608 | [Owner : Systme |Parent : 924] - (.Copyright 2018. - Advanced Malware Protection.) - (2.74.0.664) = C:\Program Files (x86)\Zemana AntiLogger\ZAM.exe7760 | [Owner : antifondance uc ben |Parent : 2808] - (. - PanelManager.) - (1.0.9.0) = C:\Program Files\Samsung\PanelManager\PanelManager.exe7800 | [Owner : antifondance uc ben |Parent : 3368] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework Utility Application.) - (8.2.11002.3418) = C:\Windows\Temp\DPTF\esif_assist_64.exe7860 | [Owner : antifondance uc ben |Parent : 3452] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.18362.1) = C:\Windows\System32\sihost.exe7896 | [Owner : antifondance uc ben |Parent : 2824] - (. - SafiAgent.) - (1.0.0.7) = C:\Windows\System32\DriverStore\FileRepository\safidrv.inf_amd64_0e89535d35916282\SafiAgent.exe7944 | [Owner : antifondance uc ben |Parent : 924] - (.Microsoft Corporation - Processus hte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe7972 | [Owner : antifondance uc ben |Parent : 5320] - (.Samsung Electronics Co., Ltd. - SamsungSystemAgent.) - (1.0.48.0) = C:\Program Files (x86)\Samsung\Samsung System Agent\SamsungSystemAgent.exe8120 | [Owner : LogonSessionId_0_595456 |Parent : 924] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.9135) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe8172 | [Owner : antifondance uc ben |Parent : 924] - (.Microsoft Corporation - Processus hte pour les services Windows.) 
- (10.0.18362.1) = C:\Windows\System32\svchost.exe4172 | [Owner : antifondance uc ben |Parent : 2448] - (.Microsoft Corporation - Processus hte pour Tches Windows.) - (10.0.18362.387) = C:\Windows\System32\taskhostw.exe8328 | [Owner : antifondance uc ben |Parent : 924] - (.Microsoft Corporation - Processus hte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe8980 | [Owner : antifondance uc ben |Parent : 8504] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4599) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\igfxEM.exe8604 | [Owner : LogonSessionId_0_757383 |Parent : 924] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.18362.719) = C:\Windows\System32\SearchIndexer.exe7292 | [Owner : antifondance uc ben |Parent : 8] - (.Intel Corporation - igfxext Module.) - (6.15.10.4599) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\igfxext.exe10008 | [Owner : antifondance uc ben |Parent : 8] - (. - .) - (8.56.0.102) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe10084 | [Owner : antifondance uc ben |Parent : 2280] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.18362.1) = C:\Windows\System32\ctfmon.exe10120 | [Owner : antifondance uc ben |Parent : 2280] - (.Microsoft Corporation - Clavier tactile et volet dcriture manuscrite.) - (10.0.18362.1) = C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe10172 | [Owner : antifondance uc ben |Parent : 8] - (.Microsoft Corporation - Host Process for Setting Synchronization.) - (10.0.18362.239) = C:\Windows\System32\SettingSyncHost.exe9888 | [Owner : antifondance uc ben |Parent : 4816] - (.Samsung Electronics Co., Ltd. - Samsung OSD.) - (1.0.11.0) = C:\Program Files\Samsung\SamsungOSD\OSD.exe9392 | [Owner : antifondance uc ben |Parent : 4816] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) 
- (1.0.0.1109) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
8716 | [Owner : antifondance uc ben |Parent : 2468] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.7) = C:\Program Files\Realtek\Audio\HDA\EP64.exe
1416 | [Owner : antifondance uc ben |Parent : 5320] - (.Samsung Electronics Co., Ltd. - SamsungSystemManager.) - (1.0.48.0) = C:\Program Files (x86)\Samsung\Samsung System Agent\SamsungSystemManager.exe
3632 | [Owner : Aucun |Parent : 2448] - (.Samsung Electronics Co., Ltd. - Show Window.) - (1.0.0.30) = C:\Program Files (x86)\Show Window\Show Window.exe
8284 | [Owner : antifondance uc ben |Parent : 9876] - (.Oracle Corporation - Java Update Scheduler.) - (2.8.241.7) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
9896 | [Owner : Système |Parent : 924] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (11.7.0.1052) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
68 | [Owner : |Parent : 924] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.18362.1) = C:\Windows\System32\SgrmBroker.exe
3460 | [Owner : Système |Parent : 924] - (.Samsung Electronics Co., Ltd. - WLAN SAR Service.) - (1.0.0.7) = C:\Windows\System32\WlSarService.exe
6824 | [Owner : antifondance uc ben |Parent : 924] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18362.1) = C:\Windows\System32\svchost.exe
7868 | [Owner : Aucun |Parent : 2448] - (.Tweaking.com - Tweaking.com - Windows Repair Tray Icon.) - (4.1.0.0) = C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
7176 | [Owner : |Parent : 924] - (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1901.16384) = C:\Windows\System32\SecurityHealthService.exe
3092 | [Owner : antifondance uc ben |Parent : 8] - (.Microsoft Corporation - Application Frame Host.) - (10.0.18362.1) = C:\Windows\System32\ApplicationFrameHost.exe
10076 | [Owner : antifondance uc ben |Parent : 4816] - (.Google LLC - Google Chrome.) - (80.0.3987.149) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
9792 | [Owner : antifondance uc ben |Parent : 10076] - (.Google LLC - Google Chrome.) - (80.0.3987.149) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
10148 | [Owner : antifondance uc ben |Parent : 10076] - (.Google LLC - Google Chrome.) - (80.0.3987.149) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
10332 | [Owner : antifondance uc ben |Parent : 10076] - (.Google LLC - Google Chrome.) - (80.0.3987.149) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
10340 | [Owner : antifondance uc ben |Parent : 10076] - (.Google LLC - Google Chrome.) - (80.0.3987.149) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
9808 | [Owner : Aucun |Parent : 4816] - (.Microsoft Corporation - Gestionnaire des tâches.) - (10.0.18362.693) = C:\Windows\System32\Taskmgr.exe
12116 | [Owner : antifondance uc ben |Parent : 8] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1901.16384) = C:\Windows\System32\SecurityHealthHost.exe
8872 | [Owner : Aucun |Parent : 8] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1901.16384) = C:\Windows\System32\SecurityHealthHost.exe
6612 | [Owner : antifondance uc ben |Parent : 8] - (.Microsoft Corporation - Windows Security Health Host.) - (4.18.1901.16384) = C:\Windows\System32\SecurityHealthHost.exe
676 | [Owner : Aucun |Parent : 2448] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.18362.387) = C:\Windows\System32\taskhostw.exe
8880 | [Owner : antifondance uc ben |Parent : 8] - (.Microsoft Corporation - Serveur de personnalisation d'entrée.) - (10.0.18362.1) = C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
11516 | [Owner : antifondance uc ben |Parent : 2448] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.18362.693) = C:\Windows\explorer.exe
4696 | [Owner : antifondance uc ben |Parent : 8] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.18362.693) = C:\Windows\explorer.exe
9448 | [Owner : antifondance uc ben |Parent : 8] - (. - .) - (2019.19041.20110.0) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19041.20110.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
3968 | [Owner : antifondance uc ben |Parent : 11516] - (.Microsoft Corporation - Bloc-notes.) - (10.0.18362.693) = C:\Windows\System32\notepad.exe
12284 | [Owner : antifondance uc ben |Parent : 10076] - (.Google LLC - Google Chrome.) - (80.0.3987.149) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
9324 | [Owner : antifondance uc ben |Parent : 8] - (.Microsoft Corporation - Component Package Support Server.) - (10.0.18362.1) = C:\Windows\System32\CompPkgSrv.exe
6428 | [Owner : antifondance uc ben |Parent : 8] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18362.1) = C:\Windows\System32\RuntimeBroker.exe
8848 | [Owner : antifondance uc ben |Parent : 11516] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.18362.1) = C:\Windows\System32\rundll32.exe
3264 | [Owner : Aucun |Parent : 1348] - (.RoseCitySoftware - Registry First Aid Agent.) - (11.3.0.2585) = C:\Program Files\RFA 11\rfagent64.exe
7144 | [Owner : antifondance uc ben |Parent : 10076] - (.Google LLC - Google Chrome.) - (80.0.3987.149) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
11792 | [Owner : antifondance uc ben |Parent : 20072] - (.Microsoft Corporation - Accessibilité au Clavier visuel.) - (10.0.18362.449) = C:\Windows\System32\osk.exe
11028 | [Owner : antifondance uc ben |Parent : 4696] - (.Ashampoo GmbH & Co. KG - Ashampoo Snap 10.) - (10.1.0.0) = C:\Program Files (x86)\Ashampoo\Ashampoo Snap 10\ashsnap.exe
20144 | [Owner : antifondance uc ben |Parent : 21716] - (.Kakao - PotPlayer.) - (0.0.0.0) = C:\Program Files\DAUM\PotPlayer\PotPlayerMini64.exe
15308 | [Owner : antifondance uc ben |Parent : 10076] - (.Google LLC - Google Chrome.) - (80.0.3987.149) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
19612 | [Owner : antifondance uc ben |Parent : 10076] - (.Google LLC - Google Chrome.) - (80.0.3987.149) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
20328 | [Owner : antifondance uc ben |Parent : 14172] - (.Mozilla Corporation - Firefox Developer Edition.) - (75.0.0.7381) = C:\Program Files\Firefox Developer Edition\firefox.exe
5092 | [Owner : antifondance uc ben |Parent : 20328] - (.Mozilla Corporation - Firefox Developer Edition.) - (75.0.0.7381) = C:\Program Files\Firefox Developer Edition\firefox.exe
14728 | [Owner : antifondance uc ben |Parent : 20328] - (.Mozilla Corporation - Firefox Developer Edition.) - (75.0.0.7381) = C:\Program Files\Firefox Developer Edition\firefox.exe
13980 | [Owner : antifondance uc ben |Parent : 20328] - (.Mozilla Corporation - Firefox Developer Edition.) - (75.0.0.7381) = C:\Program Files\Firefox Developer Edition\firefox.exe
12312 | [Owner : antifondance uc ben |Parent : 20328] - (.Mozilla Corporation - Firefox Developer Edition.) - (75.0.0.7381) = C:\Program Files\Firefox Developer Edition\firefox.exe
15948 | [Owner : Aucun |Parent : 14172] - (. - .) - (3.7.1.0) = C:\Program Files\UCheck\UCheck64.exe
18116 | [Owner : Aucun |Parent : 15948] - (.Oracle Corporation - Java Platform SE binary.) - (8.0.2410.7) = C:\Users\ANTIFO~1\AppData\Local\Temp\as_677D.tmp.exe
13996 | [Owner : Aucun |Parent : 18116] - (.Oracle Corporation - Java Platform SE binary.) - (8.0.2410.7) = C:\Users\ANTIFO~1\AppData\Local\Temp\jds36843781.tmp\as_677D.tmp.exe
19632 | [Owner : LogonSessionId_0_98758272 |Parent : 924] - (.Microsoft Corporation - Installateur Windows.) - (5.0.18362.1) = C:\Windows\System32\msiexec.exe
2464 | [Owner : Système |Parent : 8604] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.18362.719) = C:\Windows\System32\SearchProtocolHost.exe
9444 | [Owner : Système |Parent : 8604] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.18362.719) = C:\Windows\System32\SearchFilterHost.exe
13012 | [Owner : Système |Parent : 2448] - (.Zemana Ltd. - Advanced Malware Protection.) - (3.0.835.0) = I:\Program Files (x86)\Zemana\AntiMalware\AntiMalware.exe
4560 | [Owner : Système |Parent : 15544] - (.Oracle Corporation - Java Update Registration.) - (2.8.241.7) = C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
22404 | [Owner : Système |Parent : 4560] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.18362.1) = C:\Windows\System32\conhost.exe
840 | [Owner : Aucun |Parent : 1224] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.18362.1) = C:\Windows\System32\sihost.exe
2144 | [Owner : Aucun |Parent : 348] - (. - .) - (8.56.0.102) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.56.102.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
2128 | [Owner : Aucun |Parent : 348] - (.Microsoft Corporation - Aide et support Microsoft.) - (10.0.18362.449) = C:\Windows\HelpPane.exe
2092 | [Owner : Aucun |Parent : 1032] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.18362.1) = C:\Windows\System32\ctfmon.exe
1636 | [Owner : Aucun |Parent : 1032] - (.Microsoft Corporation - Clavier tactile et volet d'écriture manuscrite.) - (10.0.18362.1) = C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
2584 | [Owner : Aucun |Parent : 1636] - (.Microsoft Corporation - Touch Keyboard and Handwriting Panel Helper.) - (10.0.18362.1) = C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2720 | [Owner : Aucun |Parent : 348] - (.Microsoft Corporation - Application Frame Host.) - (10.0.18362.1) = C:\Windows\System32\ApplicationFrameHost.exe
2012 | [Owner : Aucun |Parent : 348] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.18362.693) = C:\Windows\explorer.exe
3128 | [Owner : Aucun |Parent : 1892] - (. - Usb Anti-Malware.) - (10.0.0.22) = C:\Program Files (x86)\UsbFix\UsbFix.exe
1128 | [Owner : Aucun |Parent : 3128] - (.Microsoft Corporation - Bloc-notes.) - (10.0.18362.693) = C:\Windows\System32\notepad.exe
3972 | [Owner : Aucun |Parent : 3128] - (.Microsoft Corporation - Bloc-notes.) - (10.0.18362.693) = C:\Windows\System32\notepad.exe
2104 | [Owner : |Parent : 848] - (.ThreatTrack Security Inc. - Anti Malware Service.) - (9.5.1.4) = C:\Program Files (x86)\VIPRE\SBAMSvc.exe
3576 | [Owner : |Parent : 848] - (.ThreatTrack Security Inc. - .) - (2.3.4.7) = C:\Program Files (x86)\VIPRE\VipreEdgeProtection.exe
4044 | [Owner : |Parent : 848] - (.ThreatTrack Security Inc. - Plug-in Manager Service.) - (9.5.1.4) = C:\Program Files (x86)\VIPRE\SBPIMSvc.exe
1856 | [Owner : Aucun |Parent : 348] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.18362.1) = C:\Windows\System32\rundll32.exe
2952 | [Owner : Aucun |Parent : 348] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.18362.1) = C:\Windows\System32\rundll32.exe
4000 | [Owner : Aucun |Parent : 2012] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.18362.693) = C:\Windows\explorer.exe
3084 | [Owner : Aucun |Parent : 3640] - (.Microsoft Corporation - Accessibilité au Clavier visuel.) - (10.0.18362.449) = C:\Windows\System32\osk.exe
# Winlogon user
# Winlogon machine
# SafeBoot
Safeboot Keys are O.K
Alternate shell is OK ! ?
| Winsock
# IFEO
# Mountpoints2
Content of L:\autorun.inf :
[autorun]
label = SecuPerts Forensic System (USB)
icon = lesslinux.ico
# Windows
[HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
# Security center