¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_13.07.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 16:34:38 08/29/2017

Updated 13/07/2017 | 18.30 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[ichan (Administrator)] - [PRASANAA]
SID = S-1-5-21-2209834188-1265088169-1137962746-1001
Boot: Normal boot
System : Windows 10 Home (64 bits) Core
ProcessorNameString : Intel(R) Core(TM) i3-6006U CPU @ 2.00GHz
Identifier : Intel64 Family 6 Model 78 Stepping 3
Memory RAM = Total (MB) : 4088 | Free (MB) : 2929
Pagefile = Total (MB) : 5136 | Free (MB) : 4064
Virtual = Total (MB) : 4194 | Free (MB) : 3977

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

¤¤¤¤¤¤¤¤¤¤¤ # Drives
D:\-> [Removable] | [PRASANAA] | Total : 7.21 Go | Free : 3 Go -> FAT32 [USB]
C:\-> [Fixed] | [OS] | Total : 118.13 Go | Free : 40.36 Go -> NTFS (SSD) [RAID]

¤¤¤¤¤¤¤¤¤¤ # Windows updates
Microsoft : +

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\WINDOWS\system32\config\systemprofile
C:\WINDOWS\ServiceProfiles\LocalService
C:\WINDOWS\ServiceProfiles\NetworkService
C:\Users\defaultuser0
C:\Users\ichan

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore'
Restore the register (C:\Pre_Scan\Save\Registry [29.08.2017 @ 16_34_06])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.15063.0 (© Microsoft Corporation.)
GC : 60.0.3112.113 (Copyright 2016 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 26.0.0.151

WMI : /!\
WU: Windows Update Service [Disabled(4)] = stopped
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Disabled(4)] = stopped

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
1336 | [Owner : |Parent : 700] - (.Microsoft Corporation - Windows Security Health Service.) - (4.11.15063.483) = C:\Windows\System32\SecurityHealthService.exe
1348 | [Owner : |Parent : 700] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.11.15063.447) = C:\Program Files\Windows Defender\MsMpEng.exe
4996 | [Owner : Système |Parent : 5440] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.15063.483) = C:\Windows\System32\fontdrvhost.exe
3424 | [Owner : ichan |Parent : 1248] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.15063.0) = C:\Windows\System32\sihost.exe
528 | [Owner : ichan |Parent : 700] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
1880 | [Owner : ichan |Parent : 700] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
1704 | [Owner : ichan |Parent : 1196] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.15063.0) = C:\Windows\System32\taskhostw.exe
1304 | [Owner : ichan |Parent : 4240] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.15063.447) = C:\Windows\explorer.exe
2224 | [Owner : ichan |Parent : 816] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.15063.0) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
6084 | [Owner : ichan |Parent : 816] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.15063.332) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
2024 | [Owner : ichan |Parent : 816] - (.Microsoft Corporation - Runtime Broker.) - (10.0.15063.0) = C:\Windows\System32\RuntimeBroker.exe
5100 | [Owner : ichan |Parent : 700] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.15063.0) = C:\Windows\System32\svchost.exe
544 | [Owner : ichan |Parent : 816] - (.Microsoft Corporation - System Settings Broker.) - (10.0.15063.0) = C:\Windows\System32\SystemSettingsBroker.exe
5064 | [Owner : ichan |Parent : 1196] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.226) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
6140 | [Owner : ichan |Parent : 1196] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.0.984) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
516 | [Owner : ichan |Parent : 816] - (.Microsoft Corporation - Application Frame Host.) - (10.0.15063.0) = C:\Windows\System32\ApplicationFrameHost.exe
5776 | [Owner : ichan |Parent : 816] - (.Microsoft Corporation - Background Task Host.) - (10.0.15063.0) = C:\Windows\System32\backgroundTaskHost.exe
5692 | [Owner : ichan |Parent : 816] - (.Microsoft Corporation - SmartScreen.) - (10.0.15063.332) = C:\Windows\System32\smartscreen.exe
3956 | [Owner : ichan |Parent : 816] - (.Microsoft Corporation - Windows Defender application.) - (10.0.15063.483) = C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : -> C:\WINDOWS\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center
Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\WINDOWS\System32\ActionCenter.dll

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Power]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\nsi]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NLASvc]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\MPSsvc]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Iphlpsvc]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\LanmanWorkstation]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\AudioEndpointBuilder]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Audiosrv]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\BFE]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Browser]~[Start] : 4 -> 3
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\DnsCache]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\CryptSvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\winmgmt]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wscsvc]~[Start] : 4 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wwansvc]~[Start] : 4 -> 3

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Deleted : HKU\S-1-5-21-2209834188-1265088169-1137962746-1001\Software\nwjs
Deleted : HKU\S-1-5-21-2209834188-1265088169-1137962746-1001\Software\undefined
Moved to quarantine successfully : C:\WINDOWS\Tasks\WpsKtpcntrQingTask_Administrator.job
Moved to quarantine successfully : D:\V3_3088dat.exe
Moved to quarantine successfully : D:\Pre_Scan.exe
Moved to quarantine successfully : D:\kav17.0.0.611abcfr_11902.exe
Moved to quarantine successfully : C:\msdia80.dll

¤¤¤¤¤¤¤¤¤¤ # ADS

Prefetch -> cleaned
D:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive D:] : Hidden : 5 | Restored : 5
~ [Drive C:] : Hidden : 7 | Restored : 7
~ [Program Files] : Hidden : 7 | Restored : 7
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 4 | Restored : 4
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 60 | Restored : 56
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 42 | Restored : 42

¤¤¤¤¤¤¤¤¤¤ # Drives
Disk: 0 Size=122G
Pos MBRndx Type/Name  Size  Active Hide Start Sector Sectors
--- ------ ---------- ----  ------ ---- ------------ ------------
 0    0    EE-UNKNWN  21.0T No     No   1            294,967,295

End : 16:56:20

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤