¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_02.11.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 18:59:22 11/17/2016 Updated 02/11/2016 | 19.05 by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html [Jean-Marie (Administrator)] - [LOUVRE] SID = S-1-5-21-1657509783-2825494894-1902247999-1001 Boot: Normal boot System : Windows 10 Pro (64 bits) Professional ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics Identifier : AMD64 Family 20 Model 2 Stepping 0 CoreTemp : -1 Celsius - Max : Celsius Memory RAM = Total (MB) : 3748 | Free (MB) : 2348 Pagefile = Total (MB) : 5189 | Free (MB) : 3679 Virtual = Total (MB) : 4194 | Free (MB) : 3970 ¤¤¤¤¤¤¤¤¤¤ # Components of starting up C:\WINDOWS\Setup\Scripts\setupcomplete.cmd ¤¤¤¤¤¤¤¤¤¤¤ # Drives H:\-> [Removable] | [UUI] | Total : 7.26 Go | Free : 0.27 Go -> FAT32 [USB] G:\-> [Removable] | [sandisk ult] | Total : 115.68 Go | Free : 115.68 Go -> exFAT [USB] D:\-> [Fixed] | [Recovery Image] | Total : 13.06 Go | Free : 1.56 Go -> NTFS [SATA] C:\-> [Fixed] | [OS] | Total : 916.54 Go | Free : 864.97 Go -> NTFS [SATA] ¤¤¤¤¤¤¤¤¤¤ # Windows updates Microsoft : + ¤¤¤¤¤¤¤¤¤¤ # Sessions C:\WINDOWS\system32\config\systemprofile C:\WINDOWS\ServiceProfiles\LocalService C:\WINDOWS\ServiceProfiles\NetworkService C:\Users\Jean-Marie C:\Users\MSSQL$ADK Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [17.11.2016 @ 18_32_10]) To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore ¤¤¤¤¤¤¤¤¤¤ # Browsers IE : 11.0.14393.0 (© Microsoft Corporation.) ¤¤¤¤¤¤¤¤¤¤ # FlashPlayer ActiveX : 22.0.0.209 ���������� # Security AV : Ad-Aware Antivirus Disabled AS : Windows Defender Enabled FW : Ad-Aware Firewall Disabled WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Auto(2)] = Running FW: Windows FireWall Service [Auto(2)] = Running ¤¤¤¤¤¤¤¤¤¤ # Stopped processes 2956 | [Owner : |Parent : 732] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.10.14393.0) = C:\Program Files\Windows Defender\MsMpEng.exe 4112 | [Owner : |Parent : 732] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.10.14393.0) = C:\Program Files\Windows Defender\NisSrv.exe 140 | [Owner : Jean-Marie |Parent : 76] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.14393.0) = C:\Windows\System32\sihost.exe 5800 | [Owner : Jean-Marie |Parent : 732] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.14393.0) = C:\Windows\System32\svchost.exe 5828 | [Owner : LogonSessionId_0_9957835 |Parent : 732] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.14393.351) = C:\Windows\System32\spoolsv.exe 308 | [Owner : Système |Parent : 732] - (.SurfRight B.V. - HitmanPro.Alert.) - (3.5.3.562) = C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe 5668 | [Owner : Jean-Marie |Parent : 308] - (.SurfRight B.V. - HitmanPro.Alert.) - (3.5.3.562) = C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe 2940 | [Owner : LogonSessionId_0_10082933 |Parent : 732] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.14393.206) = C:\Windows\System32\SearchIndexer.exe 6240 | [Owner : SERVICE LOCAL |Parent : 5528] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.14393.82) = C:\Windows\System32\dasHost.exe 3596 | [Owner : Jean-Marie |Parent : 1968] - (.Disc Soft Ltd - DAEMON Tools Shell Extensions Helper.) - (8.0.0.631) = C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe 3732 | [Owner : Système |Parent : 732] - (.Disc Soft Ltd - Disc Soft Bus Service Pro.) - (8.0.0.631) = C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe 5132 | [Owner : SERVICE LOCAL |Parent : 5528] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.14393.0) = C:\Windows\System32\WUDFHost.exe 7316 | [Owner : Jean-Marie |Parent : 832] - (.Microsoft Corporation - Runtime Broker.) - (10.0.14393.0) = C:\Windows\System32\RuntimeBroker.exe 7264 | [Owner : Jean-Marie |Parent : 832] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.14393.447) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 6880 | [Owner : Jean-Marie |Parent : 832] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.14393.447) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 2648 | [Owner : Jean-Marie |Parent : 76] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe 5712 | [Owner : Jean-Marie |Parent : 832] - (.Microsoft Corporation - Application Frame Host.) - (10.0.14393.0) = C:\Windows\System32\ApplicationFrameHost.exe 7884 | [Owner : SERVICE RÉSEAU |Parent : 2884] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.10.14393.0) = C:\Program Files\Windows Defender\MpCmdRun.exe 228 | [Owner : Jean-Marie |Parent : 832] - (.Microsoft Corporation - SmartScreen.) - (10.0.14393.321) = C:\Windows\System32\smartscreen.exe 5216 | [Owner : Jean-Marie |Parent : 1496] - (.PortableApps.com - PortableApps.com Platform.) - (14.1.0.0) = C:\Users\Jean-Marie\Desktop\portableapps.com & emsisoft emergency kit (programfiles x64)\PortableApps\PortableApps.com\PortableAppsPlatform.exe 5796 | [Owner : Jean-Marie |Parent : 5216] - (.PortableApps.com - PortableApps.com Updater.) - (14.2.0.0) = C:\Users\Jean-Marie\Desktop\portableapps.com & emsisoft emergency kit (programfiles x64)\PortableApps\PortableApps.com\PortableAppsUpdater.exe 3256 | [Owner : Jean-Marie |Parent : 7316] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.14393.82) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 1716 | [Owner : Système |Parent : 680] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.14393.447) = C:\Windows\System32\fontdrvhost.exe 2356 | [Owner : Jean-Marie |Parent : 6992] - (.Microsoft® Windows® Operating System - Task Manager.) - (1.0.0.1) = C:\Windows\System32\Taskmgr.exe 5056 | [Owner : Jean-Marie |Parent : 76] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.14393.0) = C:\Windows\System32\taskhostw.exe 5152 | [Owner : Jean-Marie |Parent : 832] - (.Adobe Systems Incorporated - Adobe® Flash® Player Utility.) - (22.0.0.209) = C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe 5456 | [Owner : LogonSessionId_0_26970318 |Parent : 732] - (.Microsoft Corporation - Programme d’installation pour les modules Windows.) - (10.0.14393.0) = C:\Windows\servicing\TrustedInstaller.exe 6032 | [Owner : Système |Parent : 832] - (.Microsoft Corporation - Windows Modules Installer Worker.) - (10.0.14393.0) = C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe 5428 | [Owner : Système |Parent : 2940] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.14393.0) = C:\Windows\System32\SearchFilterHost.exe ¤¤¤¤¤¤¤¤¤¤ # Winlogon user ¤¤¤¤¤¤¤¤¤¤ # Winlogon machine Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : -> C:\WINDOWS\SYSWOW64\userinit.exe, ¤¤¤¤¤¤¤¤¤¤ # SafeBoot Safeboot Keys are O.K Alternate shell is OK ! � ¤¤¤¤¤¤¤¤¤¤ # IFEO ¤¤¤¤¤¤¤¤¤¤ # Mountpoints2 Content of H:\autorun.inf : ¤¤¤¤¤¤¤¤¤¤ # Windows [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon ¤¤¤¤¤¤¤¤¤¤ # Security center Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\WINDOWS\System32\ActionCenter.dll Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]~[EnableFirewall] : 0 -> 1 Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]~[EnableFirewall] : 0 -> 1 Repaired : [HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]~[EnableFirewall] : 0 -> 1 ¤¤¤¤¤¤¤¤¤¤ # Services Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2 ¤¤¤¤¤¤¤¤¤¤ # Internet Explorer ¤¤¤¤¤¤¤¤¤¤ # reparsepoint ¤¤¤¤¤¤¤¤¤¤ # Offsets ¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry ¤¤¤¤¤¤¤¤¤¤ # ADS Prefetch -> cleaned D:\ : Vaccinated (Vaccin created by Pre_Scan) G:\ : Vaccinated (Vaccin created by Pre_Scan) ���������� | Hidden files ~ [Drive D:] : Hidden : 15 | Restored : 15 ~ [Drive C:] : Hidden : 6 | Restored : 6 ~ [Program Files] : Hidden : 10 | Restored : 10 ~ [Users] : Hidden : 2 | Restored : 2 ~ [Documents] : Hidden : 5 | Restored : 5 ~ [Searches] : Hidden : 2 | Restored : 2 ~ [Windows] : Hidden : 43 | Restored : 41 ~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1 ~ [AppData] : Hidden : 175 | Restored : 175 ¤¤¤¤¤¤¤¤¤¤ # Drives Disk: 0 Size=954G Pos MBRndx Type/Name Size Active Hide Start Sector Sectors --- ------ ---------- ---- ------ ---- ------------ ------------ 0 0 EE-UNKNWN 21.0T No No 1 294,967,295 End : 20:36:28 ¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 205