¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_16.10.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 18:08:35 06/03/2019 Updated 16/10/2017 | 14.45 by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html [EFM_UEFM_Barrow_U (Administrator)] - [DESKTOP-9I710DV] SID = S-1-5-21-132225022-3335974131-4250315207-1001 Boot: Normal boot System : Windows 10 Home (64 bits) Core ProcessorNameString : Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz Identifier : Intel64 Family 6 Model 142 Stepping 9 CoreTemp : 29.8 Celsius - Max : 99 Celsius Memory RAM = Total (MB) : 4094 | Free (MB) : 2261 Pagefile = Total (MB) : 5536 | Free (MB) : 3752 Virtual = Total (MB) : 4194 | Free (MB) : 3837 ¤¤¤¤¤¤¤¤¤¤ # Components of starting up ¤¤¤¤¤¤¤¤¤¤¤ # Drives H:\-> [Removable] | [MULTIBOOT] | Total : 1.9 Go | Free : 0.34 Go -> FAT32 [USB] G:\-> [Removable] | [COMPANION wintobootic] | Total : 30.03 Go | Free : 2.68 Go -> NTFS [USB] F:\-> [Removable] | [128Go micro] | Total : 117.02 Go | Free : 45.41 Go -> exFAT [USB] E:\-> [Fixed] | [WD Elements] | Total : 929.42 Go | Free : 392.8 Go -> NTFS [USB] D:\-> [Removable] | [micro sd] | Total : 29.71 Go | Free : 29.54 Go -> exFAT (SSD) [SD] C:\-> [Fixed] | [] | Total : 107.22 Go | Free : 26.83 Go -> NTFS (SSD) [SATA] ¤¤¤¤¤¤¤¤¤¤ # Windows updates Windows Is Activated ¤¤¤¤¤¤¤¤¤¤ # Sessions C:\Windows\system32\config\systemprofile C:\windows\ServiceProfiles\LocalService C:\windows\ServiceProfiles\NetworkService C:\Users\EFM_UEFM_Barrow_U Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [03.06.2019 @ 18_05_23]) To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore ¤¤¤¤¤¤¤¤¤¤ # Browsers IE : 11.0.16299.371 (© Microsoft Corporation.) 
¤¤¤¤¤¤¤¤¤¤ # FlashPlayer ActiveX : 32.0.0.171 ¤¤¤¤¤¤¤¤¤¤ # Security AV : Windows Defender Enabled AS : Windows Defender Enabled FW : WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Auto(2)] = Running FW: Windows FireWall Service [Auto(2)] = Running ¤¤¤¤¤¤¤¤¤¤ # Stopped processes 860 | [Owner : UMFD-0 |Parent : 640] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.16299.1004) = C:\Windows\System32\fontdrvhost.exe 460 | [Owner : UMFD-1 |Parent : 424] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.16299.1004) = C:\Windows\System32\fontdrvhost.exe 1916 | [Owner : Système |Parent : 716] - (. - .) - (0.0.0.0) = C:\Windows\System32\PanelManagerSvc.exe 1924 | [Owner : Système |Parent : 716] - (.Samsung Electronics Co.,Ltd. - Samsung Radio Control Delegation Service executable.) - (2.3.0.7) = C:\Windows\System32\RCDService.exe 1936 | [Owner : Système |Parent : 716] - (. - SafiService.) - (1.0.0.7) = C:\Windows\System32\DriverStore\FileRepository\safidrv.inf_amd64_0e89535d35916282\SafiService.exe 1948 | [Owner : Système |Parent : 716] - (. - SamsungPenService.) - (1.0.33.0) = C:\Program Files (x86)\Samsung\Air Command\SamsungPenService.exe 2440 | [Owner : Système |Parent : 716] - (.Intel Corporation - igfxCUIService Module.) - (6.15.10.4599) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\igfxCUIService.exe 3124 | [Owner : Système |Parent : 716] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.16299.371) = C:\Windows\System32\spoolsv.exe 3520 | [Owner : Système |Parent : 716] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework.) - (8.2.11002.3418) = C:\Windows\System32\Intel\DPTF\esif_uf.exe 3528 | [Owner : Système |Parent : 716] - (.Dropbox, Inc. - Dropbox Service.) - (1.0.24.0) = C:\Windows\System32\DbxSvc.exe 3536 | [Owner : Système |Parent : 716] - (.Windows (R) Win 7 DDK provider - Windows Setup API.) 
- (10.0.10011.16384) = C:\Windows\System32\drivers\AdminService.exe 3564 | [Owner : Système |Parent : 716] - (.Intel Corporation - IntelCpHDCPSvc Executable.) - (1.0.0.1) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\IntelCpHDCPSvc.exe 3580 | [Owner : Système |Parent : 716] - (.Samsung Electronics - GripResetService.) - (1.0.0.6) = C:\Windows\System32\GripResetService.exe 3740 | [Owner : Système |Parent : 716] - (.Samsung Electronics Co., Ltd. - SamsungSystemService.) - (1.0.48.0) = C:\Program Files (x86)\Samsung\Samsung System Agent\SamsungSystemService.exe 3760 | [Owner : Système |Parent : 716] - (.Microsoft Corporation - Windows Security Health Service.) - (4.12.16299.309) = C:\Windows\System32\SecurityHealthService.exe 3836 | [Owner : Système |Parent : 716] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.12.16299.1004) = C:\Program Files\Windows Defender\MsMpEng.exe 4140 | [Owner : Système |Parent : 716] - (.Intel Corporation - IntelCpHeciSvc Executable.) - (9.0.2.117) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\IntelCpHeciSvc.exe 4500 | [Owner : SERVICE LOCAL |Parent : 716] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.16299.15) = C:\Windows\System32\WUDFHost.exe 4796 | [Owner : SERVICE LOCAL |Parent : 716] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.16299.15) = C:\Windows\System32\WUDFHost.exe 5004 | [Owner : SERVICE LOCAL |Parent : 716] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.16299.15) = C:\Windows\System32\WUDFHost.exe 5096 | [Owner : SERVICE LOCAL |Parent : 716] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) 
- (10.0.16299.15) = C:\Windows\System32\WUDFHost.exe 5204 | [Owner : SERVICE LOCAL |Parent : 716] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.16299.15) = C:\Windows\System32\WUDFHost.exe 5328 | [Owner : SERVICE LOCAL |Parent : 716] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.16299.15) = C:\Windows\System32\WUDFHost.exe 5692 | [Owner : SERVICE LOCAL |Parent : 716] - (.Microsoft Corporation - Microsoft Network Realtime Inspection Service.) - (4.12.16299.15) = C:\Program Files\Windows Defender\NisSrv.exe 6112 | [Owner : EFM_UEFM_Barrow_U |Parent : 1916] - (. - PanelManager.) - (1.0.9.0) = C:\Program Files\Samsung\PanelManager\PanelManager.exe 4776 | [Owner : EFM_UEFM_Barrow_U |Parent : 3520] - (.Intel Corporation - Intel(R) Dynamic Platform and Thermal Framework Utility Application.) - (8.2.11002.3418) = C:\Windows\Temp\DPTF\esif_assist_64.exe 6208 | [Owner : EFM_UEFM_Barrow_U |Parent : 1936] - (. - SafiAgent.) - (1.0.0.7) = C:\Windows\System32\DriverStore\FileRepository\safidrv.inf_amd64_0e89535d35916282\SafiAgent.exe 6236 | [Owner : EFM_UEFM_Barrow_U |Parent : 1612] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.16299.15) = C:\Windows\System32\sihost.exe 6248 | [Owner : EFM_UEFM_Barrow_U |Parent : 716] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe 6344 | [Owner : EFM_UEFM_Barrow_U |Parent : 3740] - (.Samsung Electronics Co., Ltd. - SamsungSystemAgent.) - (1.0.48.0) = C:\Program Files (x86)\Samsung\Samsung System Agent\SamsungSystemAgent.exe 6380 | [Owner : EFM_UEFM_Barrow_U |Parent : 716] - (.Microsoft Corporation - Processus hôte pour les services Windows.) 
- (10.0.16299.15) = C:\Windows\System32\svchost.exe 6464 | [Owner : SERVICE LOCAL |Parent : 716] - (.Microsoft Corporation - PresentationFontCache.exe.) - (3.0.6920.8833) = C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe 6536 | [Owner : EFM_UEFM_Barrow_U |Parent : 1404] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.16299.15) = C:\Windows\System32\taskhostw.exe 6968 | [Owner : EFM_UEFM_Barrow_U |Parent : 6908] - (.Intel Corporation - igfxEM Module.) - (6.15.10.4599) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\igfxEM.exe 6992 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Intel Corporation - igfxext Module.) - (6.15.10.4599) = C:\Windows\System32\DriverStore\FileRepository\ki120832.inf_amd64_2ded2fe16badb11a\igfxext.exe 7544 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe 7688 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe 8120 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (. - .) - (8.46.0.60) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe 8344 | [Owner : Système |Parent : 716] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.16299.785) = C:\Windows\System32\SearchIndexer.exe 8676 | [Owner : Système |Parent : 6548] - (.Google LLC - Google Crash Handler.) - (1.3.34.11) = C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe 8700 | [Owner : Système |Parent : 6548] - (.Google LLC - Google Crash Handler.) - (1.3.34.11) = C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe 6080 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Runtime Broker.) 
- (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe 5432 | [Owner : EFM_UEFM_Barrow_U |Parent : 1648] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.16299.15) = C:\Windows\System32\ctfmon.exe 564 | [Owner : EFM_UEFM_Barrow_U |Parent : 1648] - (.Microsoft Corporation - Clavier tactile et volet d’écriture manuscrite.) - (10.0.16299.755) = C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe 5784 | [Owner : EFM_UEFM_Barrow_U |Parent : 6856] - (.Microsoft Corporation - Windows Defender notification icon.) - (4.12.16299.15) = C:\Program Files\Windows Defender\MSASCuiL.exe 5764 | [Owner : EFM_UEFM_Barrow_U |Parent : 6856] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.1109) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe 7792 | [Owner : EFM_UEFM_Barrow_U |Parent : 7632] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.7) = C:\Program Files\Realtek\Audio\HDA\EP64.exe 7572 | [Owner : EFM_UEFM_Barrow_U |Parent : 6856] - (.Samsung Electronics Co., Ltd. - Samsung OSD.) - (1.0.11.0) = C:\Program Files\Samsung\SamsungOSD\OSD.exe 9068 | [Owner : EFM_UEFM_Barrow_U |Parent : 6856] - (.Box, Inc. - Box Sync.) - (4.0.7929.0) = C:\Program Files\Box\Box Sync\BoxSync.exe 7596 | [Owner : EFM_UEFM_Barrow_U |Parent : 3740] - (.Samsung Electronics Co., Ltd. - SamsungSystemManager.) - (1.0.48.0) = C:\Program Files (x86)\Samsung\Samsung System Agent\SamsungSystemManager.exe 7220 | [Owner : EFM_UEFM_Barrow_U |Parent : 1404] - (.Samsung Electronics Co., Ltd. - Show Window.) - (1.0.0.30) = C:\Program Files (x86)\Show Window\Show Window.exe 6116 | [Owner : EFM_UEFM_Barrow_U |Parent : 6856] - (.Microsoft Corporation - Microsoft OneDrive.) - (19.70.410.5) = C:\Users\EFM_UEFM_Barrow_U\AppData\Local\Microsoft\OneDrive\OneDrive.exe 9312 | [Owner : EFM_UEFM_Barrow_U |Parent : 6856] - (. - .) - (3.43.4275.9540) = C:\Program Files\Google\Drive\googledrivesync.exe 9336 | [Owner : EFM_UEFM_Barrow_U |Parent : 9068] - (. - .) 
- (0.0.0.0) = C:\Program Files\Box\Box Sync\BoxSyncMonitor.exe 9660 | [Owner : EFM_UEFM_Barrow_U |Parent : 9616] - (.Dropbox, Inc. - Dropbox.) - (74.3.110.0) = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 9676 | [Owner : EFM_UEFM_Barrow_U |Parent : 9660] - (.Dropbox, Inc. - Dropbox.) - (74.3.110.0) = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 9700 | [Owner : EFM_UEFM_Barrow_U |Parent : 9676] - (.Dropbox, Inc. - Dropbox.) - (74.3.110.0) = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 9748 | [Owner : EFM_UEFM_Barrow_U |Parent : 9660] - (.Dropbox, Inc. - Dropbox.) - (74.3.110.0) = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 2488 | [Owner : EFM_UEFM_Barrow_U |Parent : 9312] - (. - .) - (3.43.4275.9540) = C:\Program Files\Google\Drive\googledrivesync.exe 1244 | [Owner : EFM_UEFM_Barrow_U |Parent : 9660] - (.The Qt Company Ltd. - Qt Qtwebengineprocess.) - (5.12.3.0) = C:\Program Files (x86)\Dropbox\Client\74.3.110\QtWebEngineProcess.exe 1304 | [Owner : EFM_UEFM_Barrow_U |Parent : 9660] - (.The Qt Company Ltd. - Qt Qtwebengineprocess.) - (5.12.3.0) = C:\Program Files (x86)\Dropbox\Client\74.3.110\QtWebEngineProcess.exe 5392 | [Owner : EFM_UEFM_Barrow_U |Parent : 1404] - (.Samsung Electronics Co., Ltd. - S Agent.) - (1.1.5.8) = C:\Program Files\Samsung\S Agent\CommonAgent.exe 8916 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Application Frame Host.) - (10.0.16299.15) = C:\Windows\System32\ApplicationFrameHost.exe 8912 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Microsoft Edge.) - (11.0.16299.1059) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe 6272 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Browser_Broker.) - (11.0.16299.1029) = C:\Windows\System32\browser_broker.exe 2184 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Runtime Broker.) 
- (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe 8772 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Runtime Broker.) - (10.0.16299.15) = C:\Windows\System32\RuntimeBroker.exe 10744 | [Owner : EFM_UEFM_Barrow_U |Parent : 2488] - (. - .) - (3.43.4275.9540) = C:\PROGRA~1\Google\Drive\GOOGLE~1.EXE 5108 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.16299.1059) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 6128 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.16299.15) = C:\Windows\System32\rundll32.exe 11316 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.16299.1059) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 11700 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.16299.1059) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 11792 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.16299.1059) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 12056 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Microsoft OneDriveFile Co-Authoring Executable.) - (19.70.410.5) = C:\Users\EFM_UEFM_Barrow_U\AppData\Local\Microsoft\OneDrive\19.070.0410.0005\FileCoAuth.exe 10152 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.16299.1059) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 10928 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Microsoft Edge Content Process.) 
- (11.0.16299.1059) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 12948 | [Owner : EFM_UEFM_Barrow_U |Parent : 10744] - (. - .) - (3.43.4275.9540) = C:\PROGRA~1\Google\Drive\GOOGLE~1.EXE 13120 | [Owner : EFM_UEFM_Barrow_U |Parent : 716] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.16299.15) = C:\Windows\System32\svchost.exe 13264 | [Owner : EFM_UEFM_Barrow_U |Parent : 12948] - (. - .) - (3.43.4275.9540) = C:\PROGRA~1\Google\Drive\GOOGLE~1.EXE 2524 | [Owner : Système |Parent : 716] - (. - GoodSync Server.) - (10.9.33.3) = C:\Program Files\Siber Systems\GoodSync\gs-server.exe 13880 | [Owner : Système |Parent : 716] - (.Intel Corporation - Intel(R) Dynamic Application Loader Host Interface.) - (11.7.0.1052) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe 14020 | [Owner : Système |Parent : 716] - (.Microsoft Corporation - sedsvc.) - (10.0.17134.10059) = C:\Program Files\rempl\sedsvc.exe 14044 | [Owner : EFM_UEFM_Barrow_U |Parent : 13264] - (. - .) - (3.43.4275.9540) = C:\PROGRA~1\Google\Drive\GOOGLE~1.EXE 14120 | [Owner : Système |Parent : 716] - (.Samsung Electronics Co., Ltd. - WLAN SAR Service.) - (1.0.0.7) = C:\Windows\System32\WlSarService.exe 3184 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.16299.15) = C:\Windows\System32\rundll32.exe 11140 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.16299.1004) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 7108 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.16299.1004) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe 10840 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Microsoft Edge Content Process.) 
- (11.0.16299.1059) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 2392 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Microsoft PDF Reader Component.) - (11.0.16299.1059) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftPdfReader.exe 3912 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.16299.1059) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 10308 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.16299.1059) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 740 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.16299.1059) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 4728 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.16299.1059) = C:\Windows\System32\smartscreen.exe 11292 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.16299.1059) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 12864 | [Owner : EFM_UEFM_Barrow_U |Parent : 900] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.16299.1059) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe 8504 | [Owner : EFM_UEFM_Barrow_U |Parent : 3200] - (.Microsoft Corporation - Bloc-notes.) - (10.0.16299.15) = C:\Windows\System32\notepad.exe 12156 | [Owner : EFM_UEFM_Barrow_U |Parent : 3200] - (.Microsoft Corporation - Gestionnaire des tâches.) - (10.0.16299.248) = C:\Windows\System32\Taskmgr.exe 5256 | [Owner : Système |Parent : 8344] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) 
- (7.0.16299.785) = C:\Windows\System32\SearchProtocolHost.exe 2060 | [Owner : Système |Parent : 8344] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.16299.248) = C:\Windows\System32\SearchFilterHost.exe ¤¤¤¤¤¤¤¤¤¤ # Winlogon user ¤¤¤¤¤¤¤¤¤¤ # Winlogon machine Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : -> C:\Windows\SYSWOW64\userinit.exe, ¤¤¤¤¤¤¤¤¤¤ # SafeBoot Safeboot Keys are O.K Alternate shell is OK ! ¤¤¤¤¤¤¤¤¤¤ # IFEO ¤¤¤¤¤¤¤¤¤¤ # Mountpoints2 Content of H:\autorun.inf : ¤¤¤¤¤¤¤¤¤¤ # Windows [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon ¤¤¤¤¤¤¤¤¤¤ # Security center Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\Windows\System32\ActionCenter.dll ¤¤¤¤¤¤¤¤¤¤ # Services Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2 Repaired : 
[HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wwansvc]~[Start] : 2 -> 3 ¤¤¤¤¤¤¤¤¤¤ # Internet Explorer ¤¤¤¤¤¤¤¤¤¤ # reparsepoint ¤¤¤¤¤¤¤¤¤¤ # Offsets ¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry Deleted : [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]~[BoxSync] : "C:\Program Files\Box\Box Sync\BoxSync.exe" -m Moved to quarantine successfully : F:\zentimosetuppro_2-1-5.exe Moved to quarantine successfully : F:\npp.7.6.6.Installer.x64.exe Moved to quarantine successfully : F:\Quick_Any2Ico.exe Moved to quarantine successfully : F:\OUTDATEfighter_Web.exe Moved to quarantine successfully : F:\imedia-converter-deluxe-win-fr_setup_full1953.exe Moved to quarantine successfully : F:\Slowin Killer.exe Moved to quarantine successfully : F:\Ext2Fsd-0.69.exe Moved to quarantine successfully : F:\Ext2IFS_1_12.exe Moved to quarantine successfully : F:\npp.7.7.Installer.x64.exe Moved to quarantine successfully : F:\UltraAdwareKiller.exe Moved to quarantine successfully : F:\TechToolStore.exe Moved to quarantine successfully : F:\UVKInstaller.exe Moved to quarantine successfully : F:\GoodSync-v10-2Go-Setup.exe Moved to quarantine successfully : F:\IsooBackupSetup241697.exe Moved to quarantine successfully : F:\Setup_WinSweeper_2019.exe Moved to quarantine successfully : C:\bootTel.dat Moved to quarantine successfully : F:\Lecteur USB (D).lnk Will be moved in quarantine at reboot : 
E:\msdownld.tmp ¤¤¤¤¤¤¤¤¤¤ # ADS Prefetch -> cleaned F:\ : Vaccinated (Vaccin created by Usbfix) H:\ : Impossible to vaccinate ¤¤¤¤¤¤¤¤¤¤ | Hidden files ~ [Drive C:] : Hidden : 1 | Restored : 1 ~ [Program Files] : Hidden : 2 | Restored : 2 ~ [Users] : Hidden : 2 | Restored : 2 ~ [Pictures] : Hidden : 1 | Restored : 1 ~ [Searches] : Hidden : 2 | Restored : 2 ~ [Windows] : Hidden : 119 | Restored : 117 ~ [AppData] : Hidden : 6 | Restored : 6 End : 18:25:08 ¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤