¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_16.10.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 20:23:03 01/04/2019
Updated 16/10/2017 | 14.45 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[jean- (Administrator)] - [DESKTOP-MEO18JK]
SID = S-1-5-21-4055350770-2795530231-558803216-1001
Boot: Normal boot
System : Windows 10 Enterprise (64 bits) Enterprise
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius
Memory RAM = Total (MB) : 3748 | Free (MB) : 2344
Pagefile = Total (MB) : 5189 | Free (MB) : 3845
Virtual = Total (MB) : 4194 | Free (MB) : 3918

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

¤¤¤¤¤¤¤¤¤¤¤ # Drives
M:\-> [Removable] | [] | Total : 976.53 Go | Free : 936.81 Go -> exFAT [USB]
J:\-> [Removable] | [CUBUNTU] | Total : 7.2 Go | Free : 0.04 Go -> FAT32 [USB]
I:\-> [Removable] | [] | Total : 14.91 Go | Free : 14.79 Go -> FAT32 [USB]
H:\-> [CDROM] | [MY_DATA_101017] | Total : 0.36 Go | Free : 0 Go -> UDF [SATA]
G:\-> [Removable] | [FRAMA SALIX] | Total : 1.86 Go | Free : 0.47 Go -> FAT32 [USB]
F:\-> [Removable] | [FRAMA SALIX] | Total : 14.52 Go | Free : 7.82 Go -> FAT32 [USB]
E:\-> [Removable] | [] | Total : 119.5 Go | Free : 119.38 Go -> NTFS [USB]
D:\-> [Fixed] | [Seagate Backup Plus Drive] | Total : 4657.4 Go | Free : 1497.75 Go -> NTFS [USB]
C:\-> [Fixed] | [windows2go workspace] | Total : 57.6 Go | Free : 17.93 Go -> NTFS (SSD) [USB]

¤¤¤¤¤¤¤¤¤¤ # Windows updates
Windows Is Activated

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\jean-

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [04.01.2019 @ 20_18_59])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.17134.1 (© Microsoft Corporation. Tous droits réservés.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 30.0.0.113
Plugin : 32.0.0.101

¤¤¤¤¤¤¤¤¤¤ # Security
AV : COMODO Cloud Antivirus Enabled
AS : IObit Malware Fighter Enabled
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
3428 | [Owner : |Parent : 792] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.48) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
3536 | [Owner : |Parent : 3428] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.159) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
3824 | [Owner : |Parent : 792] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.17134.1) = C:\Windows\System32\spoolsv.exe
4276 | [Owner : |Parent : 792] - (.Microsoft Corporation - Windows Security Health Service.) - (4.13.17134.1) = C:\Windows\System32\SecurityHealthService.exe
4436 | [Owner : |Parent : 792] - (.COMODO - COMODO Cloud Antivirus.) - (1.21.7095.842) = C:\Program Files (x86)\Comodo\COMODO Cloud Antivirus\ccavsrv.exe
4844 | [Owner : SERVICE LOCAL |Parent : 4100] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.17134.1) = C:\Windows\System32\dasHost.exe
1708 | [Owner : SERVICE LOCAL |Parent : 792] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.17134.1) = C:\Windows\System32\WUDFHost.exe
6624 | [Owner : jean- |Parent : 2008] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.17134.1) = C:\Windows\System32\sihost.exe
6640 | [Owner : jean- |Parent : 792] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe
6736 | [Owner : jean- |Parent : 792] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe
7004 | [Owner : jean- |Parent : 1580] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.17134.1) = C:\Windows\System32\taskhostw.exe
2764 | [Owner : jean- |Parent : 7132] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.17134.1) = C:\Windows\System32\ctfmon.exe
6332 | [Owner : jean- |Parent : 6176] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.17134.1) = C:\Windows\explorer.exe
3324 | [Owner : jean- |Parent : 68] - (.Microsoft Corporation - Search and Cortana application.) - (10.0.17134.112) = C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
7724 | [Owner : jean- |Parent : 68] - (.Microsoft Corporation - SkypeApp.) - (8.36.0.52) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeApp.exe
8156 | [Owner : LogonSessionId_0_983514 |Parent : 792] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.17134.1) = C:\Windows\System32\SearchIndexer.exe
3052 | [Owner : jean- |Parent : 68] - (. - .) - (8.36.0.52) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.36.52.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
8704 | [Owner : jean- |Parent : 68] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.17134.1) = C:\Windows\System32\smartscreen.exe
6396 | [Owner : jean- |Parent : 6332] - (.Microsoft Corporation - Bloc-notes.) - (10.0.17134.1) = C:\Windows\System32\notepad.exe
10204 | [Owner : jean- |Parent : 792] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.17134.1) = C:\Windows\System32\svchost.exe
11020 | [Owner : Système |Parent : 8156] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.17134.1) = C:\Windows\System32\SearchProtocolHost.exe
3456 | [Owner : jean- |Parent : 8156] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.17134.1) = C:\Windows\System32\SearchProtocolHost.exe
13028 | [Owner : jean- |Parent : 6332] - (.Malwarebytes - AdwCleaner.) - (7.2.6.0) = C:\Users\jean-\OneDrive\Bureau\adwcleaner_7.2.6.0.exe
12312 | [Owner : Système |Parent : 8156] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.17134.1) = C:\Windows\System32\SearchFilterHost.exe
688 | [Owner : jean- |Parent : 68] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.17134.1) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
10260 | [Owner : jean- |Parent : 68] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe
13100 | [Owner : jean- |Parent : 68] - (.Microsoft Corporation - Runtime Broker.) - (10.0.17134.1) = C:\Windows\System32\RuntimeBroker.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : -> C:\Windows\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2
Content of J:\AUTORUN.INF :
Content of G:\AUTORUN.INF :
Content of F:\AUTORUN.INF :

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center
Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\Windows\System32\ActionCenter.dll

¤¤¤¤¤¤¤¤¤¤ # Services
Impossible to restore service : BROWSER
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Browser]~[Start] : -> 3
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Moved to quarantine successfully : C:\Windows\Tasks\TrackerAutoUpdate.job
Moved to quarantine successfully : C:\Setup_WinSweeper_2018.exe
Moved to quarantine successfully : M:\Full-DISKfighter_Web.exe
Moved to quarantine successfully : M:\youcam 8 portable.exe
Moved to quarantine successfully : M:\Start Commandline Scanner.exe
Moved to quarantine successfully : M:\Start Emergency Kit Scanner.exe
Moved to quarantine successfully : M:\Slowin Killer.exe
Moved to quarantine successfully : M:\winx-dvd-ripper.exe
Moved to quarantine successfully : M:\UVKInstaller.exe
Moved to quarantine successfully : M:\npp.7.6.Installer.x64.exe
Moved to quarantine successfully : M:\DCUS-UpdateScanner (1).exe
Moved to quarantine successfully : M:\zero-install.exe
Moved to quarantine successfully : M:\DCUS-UpdateScanner.exe

¤¤¤¤¤¤¤¤¤¤ # ADS
Prefetch -> cleaned
E:\ : Vaccinated (Vaccin created by Usbfix)
F:\ : Impossible to vaccinate
G:\ : Impossible to vaccinate
I:\ : Vaccinated (Vaccin created by Usbfix)
J:\ : Impossible to vaccinate
M:\ : Vaccinated (Vaccin created by Usbfix)

¤¤¤¤¤¤¤¤¤¤ | Hidden files