¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_16.10.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 08:59:24 07/07/2019
Updated 16/10/2017 | 14.45 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[EFM_UEFM_Barrow_U (Administrator)] - [DESKTOP-9I710DV]
SID = S-1-5-21-132225022-3335974131-4250315207-1001
Boot: SafeMode with network
System : Windows 10 Home (64 bits) Core
ProcessorNameString : Intel(R) Core(TM) i5-7200U CPU @ 2.50GHz
Identifier : Intel64 Family 6 Model 142 Stepping 9
CoreTemp : 29.8 Celsius - Max : 99 Celsius
Memory RAM = Total (MB) : 4094 | Free (MB) : 3024
Pagefile = Total (MB) : 7408 | Free (MB) : 6591
Virtual = Total (MB) : 4194 | Free (MB) : 3900

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

¤¤¤¤¤¤¤¤¤¤¤ # Drives
I:\-> [Fixed] | [MULTIBOOT] | Total : 1.9 Go | Free : 0.26 Go -> FAT32 [USB]
H:\-> [Fixed] | [] | Total : 29.34 Go | Free : 28.93 Go -> FAT32 [USB]
G:\-> [Fixed] | [COMODO RESC] | Total : 29.33 Go | Free : 26.89 Go -> FAT32 [USB]
F:\-> [Fixed] | [LUBUNTU 15_] | Total : 29.33 Go | Free : 26.21 Go -> FAT32 [USB]
E:\-> [Fixed] | [WD Elements] | Total : 929.42 Go | Free : 379.88 Go -> NTFS [USB]
D:\-> [Fixed] | [128Go micro] | Total : 117.02 Go | Free : 2.15 Go -> exFAT [USB]
C:\-> [Fixed] | [] | Total : 107.22 Go | Free : 3.1 Go -> NTFS (SSD) [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\Windows\system32\config\systemprofile
C:\windows\ServiceProfiles\LocalService
C:\windows\ServiceProfiles\NetworkService
C:\Users\EFM_UEFM_Barrow_U
C:\Users\_ashbackup_

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore'
Restore the register (C:\Pre_Scan\Save\Registry [07.07.2019 @ 08_46_55])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.16299.371 (© Microsoft Corporation.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 32.0.0.171

¤¤¤¤¤¤¤¤¤¤ # Security
AS : Avast Antivirus Disabled
WMI : OK
WU: Windows Update Service [Auto(2)] = stopped
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
868 | [Owner : UMFD-0 |Parent : 556] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.16299.1004) = C:\Windows\System32\fontdrvhost.exe
876 | [Owner : UMFD-1 |Parent : 628] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.16299.1004) = C:\Windows\System32\fontdrvhost.exe
2060 | [Owner : EFM_UEFM_Barrow_U |Parent : 1244] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.16299.15) = C:\Windows\System32\sihost.exe
2832 | [Owner : EFM_UEFM_Barrow_U |Parent : 908] - (.Microsoft Corporation - Application Frame Host.) - (10.0.16299.15) = C:\Windows\System32\ApplicationFrameHost.exe
2492 | [Owner : EFM_UEFM_Barrow_U |Parent : 2460] - (.Microsoft Corporation - Gestionnaire des tâches.) - (10.0.16299.248) = C:\Windows\System32\Taskmgr.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2
Content of I:\autorun.inf :

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Deleted : HKU\S-1-5-21-132225022-3335974131-4250315207-1001\Software\nwjs
Deleted : HKU\S-1-5-21-132225022-3335974131-4250315207-1001\Software\pctonics.com
Deleted : HKU\S-1-5-21-132225022-3335974131-4250315207-1001\Software\Nico Mak Computing
Deleted : HKLM\Software\pctonics.com
Deleted : HKLM\Software\Nico Mak Computing
Deleted : HKLM\Software\WOW6432Node\360softmgr
Deleted : [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]~[WebDiscoverBrowser] : C:\Program Files\WebDiscoverBrowser\4.28.2\browser.exe --docked
Deleted : [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]~[K7TSStart] : "C:\Program Files (x86)\K7 Computing\K7TSecurity\K7TSecurity.exe"
Moved to quarantine successfully : G:\Start.exe
Moved to quarantine successfully : F:\Start.exe
Moved to quarantine successfully : E:\0009-64bit_Win7_Win8_Win81_Win10_R282.exe
Moved to quarantine successfully : E:\autogun_install.exe
Moved to quarantine successfully : E:\bitreplica-setup.exe
Moved to quarantine successfully : E:\boost-speed-setup.exe
Moved to quarantine successfully : E:\delfix_1.013.exe
Moved to quarantine successfully : E:\disk-defrag-setup.exe
Moved to quarantine successfully : E:\disk-defrag-ultimate-setup.exe
Moved to quarantine successfully : E:\file-recovery-setup.exe
Moved to quarantine successfully : E:\flashboot-3.2s-setup.exe
Moved to quarantine successfully : E:\flstd (1).exe
Moved to quarantine successfully : E:\flstd (2).exe
Moved to quarantine successfully : E:\flstd.exe
Moved to quarantine successfully : E:\fruity.exe
Moved to quarantine successfully : E:\juicepack_install.exe
Moved to quarantine successfully : E:\KCinst.exe
Moved to quarantine successfully : E:\kprm_1.1.exe
Moved to quarantine successfully : E:\MakeupDirector_2.0.2817.67535b_Trial_MUD180206-06.exe
Moved to quarantine successfully : E:\Paragon-790-PEU_WinInstallSNx64_16.23.0_000.exe
Moved to quarantine successfully : E:\PAssist_Std.exe
Moved to quarantine successfully : E:\poizone_install.exe
Moved to quarantine successfully : E:\pw11-free.exe
Moved to quarantine successfully : E:\rufus-3.5.exe
Moved to quarantine successfully : E:\ss_dm.exe
Moved to quarantine successfully : E:\TFC (1).exe
Moved to quarantine successfully : E:\TFC.exe
Moved to quarantine successfully : C:\bootTel.dat
Moved to quarantine successfully : G:\autorun.ico
Moved to quarantine successfully : F:\autorun.ico

¤¤¤¤¤¤¤¤¤¤ # ADS

Prefetch -> cleaned
D:\ : Vaccinated (Vaccin created by Usbfix)
I:\ : Impossible to vaccinate

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive C:] : Hidden : 2 | Restored : 2
~ [Program Files] : Hidden : 1384 | Restored : 1384
~ [Pictures] : Hidden : 1 | Restored : 1
~ [Windows] : Hidden : 8 | Restored : 6

End : 09:21:31
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 186