¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V9_18.10.19.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 11:35:53 05/22/2021 Updated 18/10/2019 | 07:30 (GMT) by g3n-h@ckm@n Contact : http://www.sosvirus.net/ Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html [Jean Marie CARRIBON (Administrator)] - [DESKTOP-NA2IIKJ] SID = S-1-5-21-2982999039-1405869219-2042017926-1001 Boot: Normal boot System : Windows 10 Home (64 bits) Core ProcessorNameString : AMD E2-7110 APU with AMD Radeon R2 Graphics Identifier : AMD64 Family 22 Model 48 Stepping 1 CoreTemp : 30 Celsius - Max : 90 Celsius Memory RAM = Total (MB) : 3595 | Free (MB) : 1513 Pagefile = Total (MB) : 8838 | Free (MB) : 6948 Virtual = Total (MB) : 4194 | Free (MB) : 3929 ¤¤¤¤¤¤¤¤¤¤ # Components of starting up ¤¤¤¤¤¤¤¤¤¤¤ # Drives K:\-> [Removable] | [] | Total : 29.28 Go | Free : 2.55 Go -> FAT32 [USB] I:\-> [Removable] | [] | Total : 7.49 Go | Free : 1.72 Go -> FAT32 [USB] H:\-> [Removable] | [] | Total : 7.49 Go | Free : 1.87 Go -> FAT32 [USB] F:\-> [Removable] | [future wdet] | Total : 59.47 Go | Free : 0.84 Go -> exFAT [USB] E:\-> [CDROM] | [WebPlus X7] | Total : 0.37 Go | Free : 0 Go -> CDFS [SATA] C:\-> [Fixed] | [WINDOWS 10 FAMILLE 64 BITS] | Total : 930.91 Go | Free : 831.36 Go -> NTFS [SATA] ¤¤¤¤¤¤¤¤¤¤ # Windows updates Windows Is Activated ¤¤¤¤¤¤¤¤¤¤ # Sessions C:\WINDOWS\system32\config\systemprofile C:\WINDOWS\ServiceProfiles\LocalService C:\WINDOWS\ServiceProfiles\NetworkService C:\Users\Jean Marie CARRIBON Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [22.05.2021 @ 11_31_14]) To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore ¤¤¤¤¤¤¤¤¤¤ # Browsers IE : 11.0.19041.1 (© Microsoft Corporation.) GC : 90.0.4430.212 (Copyright 2020 Google LLC.) 
¤¤¤¤¤¤¤¤¤¤ # FlashPlayer ActiveX : 11.6.602.168 ¤¤¤¤¤¤¤¤¤¤ # Security AV : COMODO Antivirus Disabled AS : Windows Defender Enabled FW : WMI : OK WU: Windows Update Service [Manual(3)] = Running AS: Windows Defender [Auto(2)] = Running FW: Windows FireWall Service [Auto(2)] = Running ¤¤¤¤¤¤¤¤¤¤ # Stopped processes 1988 | [Owner : |Parent : 904] - (.AMD - AMD External Events Service Module.) - (27.20.1034.6) = C:\Windows\System32\DriverStore\FileRepository\c0360470.inf_amd64_b06c374aee20d185\B360357\atiesrxx.exe 2392 | [Owner : |Parent : 1988] - (.AMD - AMD External Events Client Module.) - (27.20.1034.6) = C:\Windows\System32\DriverStore\FileRepository\c0360470.inf_amd64_b06c374aee20d185\B360357\atieclxx.exe 2864 | [Owner : |Parent : 904] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.88) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe 2924 | [Owner : |Parent : 2864] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.295) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 2932 | [Owner : |Parent : 2864] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.295) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 3044 | [Owner : |Parent : 904] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.19041.964) = C:\Windows\System32\spoolsv.exe 3284 | [Owner : Système |Parent : 904] - (.Adobe Inc. - Adobe Acrobat Update Service.) - (1.824.42.176) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 3312 | [Owner : Système |Parent : 904] - (.Apple Inc. - Bonjour Service.) - (3.0.0.10) = C:\Program Files\Bonjour\mDNSResponder.exe 3352 | [Owner : Système |Parent : 904] - (.Seiko Epson Corporation - Epson Scanner Service (64bit).) - (1.1.0.1) = C:\Windows\System32\escsvc64.exe 3384 | [Owner : Système |Parent : 904] - (.CGMHub - CGMHub.) - (1.1.1.3) = C:\Program Files (x86)\CGM\CGMHub\CGMHub.exe 3424 | [Owner : Système |Parent : 904] - (.Seiko Epson Corporation - MyEpson Portal Service.)
- (1.0.3.3) = C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe 3468 | [Owner : Système |Parent : 904] - (.Realtek Semiconductor Corp. - Realtek Bluetooth BTDevManager Service Application.) - (1.1.26.1) = C:\Windows\RtkBtManServ.exe 3624 | [Owner : |Parent : 904] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.2104.14) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe 4544 | [Owner : Jean Marie CARRIBON |Parent : 3424] - (.Seiko Epson Corporation - MyEpson Portal.) - (1.1.3.4) = C:\Program Files (x86)\epson\MyEpson Portal\mep.exe 4756 | [Owner : Jean Marie CARRIBON |Parent : 1304] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.19041.746) = C:\Windows\System32\sihost.exe 4816 | [Owner : Jean Marie CARRIBON |Parent : 904] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe 4948 | [Owner : Jean Marie CARRIBON |Parent : 1304] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.19041.906) = C:\Windows\System32\taskhostw.exe 5104 | [Owner : Jean Marie CARRIBON |Parent : 1360] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.19041.1) = C:\Windows\System32\ctfmon.exe 940 | [Owner : Jean Marie CARRIBON |Parent : 4536] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.19041.964) = C:\Windows\explorer.exe 5168 | [Owner : Jean Marie CARRIBON |Parent : 904] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe 5508 | [Owner : Jean Marie CARRIBON |Parent : 1016] - (. - .) - (0.0.0.0) = C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe 5624 | [Owner : Aucun |Parent : 4936] - (.Microsoft Corporation - Outil de configuration du Planificateur de tâches.) 
- (10.0.19041.906) = C:\Windows\System32\schtasks.exe 5632 | [Owner : Aucun |Parent : 5624] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.19041.964) = C:\Windows\System32\conhost.exe 5700 | [Owner : Jean Marie CARRIBON |Parent : 1016] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe 5876 | [Owner : LogonSessionId_0_671845 |Parent : 904] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.19041.844) = C:\Windows\System32\SearchIndexer.exe 1376 | [Owner : Jean Marie CARRIBON |Parent : 1016] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe 6464 | [Owner : Jean Marie CARRIBON |Parent : 1016] - (.Microsoft Corporation - YourPhone.) - (1.21042.95.0) = C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21042.95.0_x64__8wekyb3d8bbwe\YourPhone.exe 5060 | [Owner : Jean Marie CARRIBON |Parent : 940] - (.Microsoft Corporation - Windows Security notification icon.) - (10.0.19041.1) = C:\Windows\System32\SecurityHealthSystray.exe 3832 | [Owner : |Parent : 904] - (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthService.exe 6428 | [Owner : Jean Marie CARRIBON |Parent : 940] - (.Acronis International GmbH - Acronis Scheduler Service Helper.) - (8.0.1.11450) = C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe 7400 | [Owner : Jean Marie CARRIBON |Parent : 940] - (.Seiko Epson Corporation - Epson Software Updater.) - (1.0.0.0) = C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE 7948 | [Owner : Jean Marie CARRIBON |Parent : 1016] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe 8172 | [Owner : Jean Marie CARRIBON |Parent : 940] - (.Skype Technologies S.A. - Skype.) 
- (8.68.0.96) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe 4552 | [Owner : Jean Marie CARRIBON |Parent : 940] - (.ASIP SANTE - Gestionnaire de certificats CPS WIN 64 (Version Release).) - (3.13.0.0) = C:\Program Files\santesocial\CPS\CCM.exe 7424 | [Owner : Jean Marie CARRIBON |Parent : 7236] - (.Hagel Technologies Ltd - DU Meter.) - (3.50.2822.0) = C:\Program Files (x86)\DU Meter\DUMeter.exe 7552 | [Owner : Jean Marie CARRIBON |Parent : 8172] - (.Skype Technologies S.A. - Skype.) - (8.68.0.96) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe 7656 | [Owner : Système |Parent : 4928] - (.Google LLC - Google Crash Handler.) - (1.3.36.81) = C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe 672 | [Owner : Jean Marie CARRIBON |Parent : 8172] - (.Skype Technologies S.A. - Skype.) - (8.68.0.96) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe 6492 | [Owner : Système |Parent : 4928] - (.Google LLC - Google Crash Handler.) - (1.3.36.81) = C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe 1508 | [Owner : Jean Marie CARRIBON |Parent : 8172] - (.Skype Technologies S.A. - Skype.) - (8.68.0.96) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe 2816 | [Owner : Jean Marie CARRIBON |Parent : 7236] - (.CNAMTS - GIE SESAM-Vitale - SrvSVCNAM.) - (3.40.0.0) = C:\Program Files (x86)\santesocial\srvsvcnam\SRVSVCNAM.exe 2952 | [Owner : Jean Marie CARRIBON |Parent : 7236] - (.SEIKO EPSON CORPORATION - Fax Reception.) - (3.0.2.1) = C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe 2412 | [Owner : Jean Marie CARRIBON |Parent : 7236] - (.SEIKO EPSON CORPORATION - Fax Transmission.) 
- (3.0.2.1) = C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe 2352 | [Owner : Jean Marie CARRIBON |Parent : 7236] - (.SEIKO EPSON CORPORATION - EEventManager Application.) - (3.2.0.0) = C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe 3144 | [Owner : Jean Marie CARRIBON |Parent : 4552] - (.GIE SESAM VITALE - ASIP SANTE - Serveur du Gestionnaire d'Acces au Lecteur WIN 64 sur NP (RELEASE) .) - (3.42.0.0) = C:\Program Files\santesocial\galss\galsvw64.exe 3400 | [Owner : Jean Marie CARRIBON |Parent : 7236] - (. - .) - (4.0.0.4) = C:\Ariane\Ariane\Ariane.exe 5484 | [Owner : Jean Marie CARRIBON |Parent : 1304] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.693.0) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe 7920 | [Owner : Jean Marie CARRIBON |Parent : 8180] - (.Mozilla Corporation - Firefox.) - (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe 7300 | [Owner : Jean Marie CARRIBON |Parent : 8172] - (.Skype Technologies S.A. - Skype.) - (8.68.0.96) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe 7448 | [Owner : Aucun |Parent : 7744] - (.Piriform Software Ltd - CCleaner.) - (5.79.0.8704) = C:\Program Files\CCleaner\CCleaner64.exe 3404 | [Owner : Jean Marie CARRIBON |Parent : 7920] - (.Mozilla Corporation - Firefox.) - (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe 8404 | [Owner : Jean Marie CARRIBON |Parent : 7920] - (.Mozilla Corporation - Firefox.) - (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe 8612 | [Owner : Jean Marie CARRIBON |Parent : 7920] - (.Mozilla Corporation - Firefox.) - (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe 9016 | [Owner : Jean Marie CARRIBON |Parent : 7920] - (.Mozilla Corporation - Firefox.) - (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe 7928 | [Owner : Jean Marie CARRIBON |Parent : 7920] - (.Mozilla Corporation - Firefox.) 
- (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe 1116 | [Owner : Jean Marie CARRIBON |Parent : 1016] - (.Microsoft Corporation - .) - (2001.22012.0.2020) = C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe 9328 | [Owner : Jean Marie CARRIBON |Parent : 1016] - (.Microsoft Corporation - Component Package Support Server.) - (10.0.19041.746) = C:\Windows\System32\CompPkgSrv.exe 9376 | [Owner : Jean Marie CARRIBON |Parent : 1016] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe 9444 | [Owner : Jean Marie CARRIBON |Parent : 7920] - (.Mozilla Corporation - Firefox.) - (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe 9572 | [Owner : Jean Marie CARRIBON |Parent : 1016] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe 5916 | [Owner : Jean Marie CARRIBON |Parent : 1016] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe 9184 | [Owner : Jean Marie CARRIBON |Parent : 1016] - (.Microsoft Corporation - Application Frame Host.) - (10.0.19041.746) = C:\Windows\System32\ApplicationFrameHost.exe 4700 | [Owner : Jean Marie CARRIBON |Parent : 1016] - (.Microsoft Corporation - User OOBE Broker.) - (10.0.19041.746) = C:\Windows\System32\oobe\UserOOBEBroker.exe 9404 | [Owner : Jean Marie CARRIBON |Parent : 7920] - (.Mozilla Corporation - Firefox.) - (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe 5156 | [Owner : Jean Marie CARRIBON |Parent : 940] - (.Serif (Europe) Ltd - Serif WebPlus X7.) - (15.0.0.24) = C:\Program Files\Serif\WebPlus\X7\Program\WebPlus.exe 7752 | [Owner : Aucun |Parent : 1304] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.19041.906) = C:\Windows\System32\taskhostw.exe 8444 | [Owner : Jean Marie CARRIBON |Parent : 7920] - (.Mozilla Corporation - Firefox.) 
- (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe 4620 | [Owner : Jean Marie CARRIBON |Parent : 7920] - (.Mozilla Corporation - Firefox.) - (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe 4624 | [Owner : Jean Marie CARRIBON |Parent : 1016] - (. - .) - (2020.20120.4004.0) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 10144 | [Owner : Jean Marie CARRIBON |Parent : 1016] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe 10576 | [Owner : Jean Marie CARRIBON |Parent : 7920] - (.Mozilla Corporation - Firefox.) - (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe 10796 | [Owner : Jean Marie CARRIBON |Parent : 5156] - (.Microsoft Corporation - Microsoft Edge.) - (90.0.818.62) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 10972 | [Owner : Jean Marie CARRIBON |Parent : 10796] - (.Microsoft Corporation - Microsoft Edge.) - (90.0.818.62) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 9604 | [Owner : Jean Marie CARRIBON |Parent : 10796] - (.Microsoft Corporation - Microsoft Edge.) - (90.0.818.62) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2532 | [Owner : Jean Marie CARRIBON |Parent : 10796] - (.Microsoft Corporation - Microsoft Edge.) - (90.0.818.62) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 7044 | [Owner : Jean Marie CARRIBON |Parent : 10796] - (.Microsoft Corporation - Microsoft Edge.) - (90.0.818.62) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 11296 | [Owner : Jean Marie CARRIBON |Parent : 7920] - (.Mozilla Corporation - Firefox.) - (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe 11176 | [Owner : Jean Marie CARRIBON |Parent : 7920] - (.Mozilla Corporation - Firefox.) 
- (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe 13448 | [Owner : Jean Marie CARRIBON |Parent : 10796] - (.Microsoft Corporation - Microsoft Edge.) - (90.0.818.62) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 14908 | [Owner : Jean Marie CARRIBON |Parent : 7920] - (.Mozilla Corporation - Firefox.) - (88.0.1.7794) = C:\Program Files\Mozilla Firefox\firefox.exe 11872 | [Owner : Aucun |Parent : 14872] - (. - Wondershare DemoCreator.) - (4.7.0.4) = C:\Program Files (x86)\Wondershare\Wondershare DemoCreator\DemoCreator.exe 15976 | [Owner : Jean Marie CARRIBON |Parent : 11872] - (.The Qt Company Ltd. - Qt Qtwebengineprocess.) - (5.14.1.0) = C:\Program Files (x86)\Wondershare\Wondershare DemoCreator\QtWebEngineProcess.exe 28316 | [Owner : Jean Marie CARRIBON |Parent : 10796] - (.Microsoft Corporation - Microsoft Edge.) - (90.0.818.62) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 5084 | [Owner : Jean Marie CARRIBON |Parent : 1016] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.19041.844) = C:\Windows\System32\smartscreen.exe 29812 | [Owner : Jean Marie CARRIBON |Parent : 1016] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe 30612 | [Owner : Jean Marie CARRIBON |Parent : 10796] - (.Microsoft Corporation - Microsoft Edge.) - (90.0.818.62) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 24904 | [Owner : Jean Marie CARRIBON |Parent : 10796] - (.Microsoft Corporation - Microsoft Edge.) - (90.0.818.62) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2008 | [Owner : |Parent : 900] - (.AMD - AMD External Events Service Module.) - (27.20.1034.6) = C:\Windows\System32\DriverStore\FileRepository\c0360470.inf_amd64_b06c374aee20d185\B360357\atiesrxx.exe 2412 | [Owner : |Parent : 2008] - (.AMD - AMD External Events Client Module.) 
- (27.20.1034.6) = C:\Windows\System32\DriverStore\FileRepository\c0360470.inf_amd64_b06c374aee20d185\B360357\atieclxx.exe 2752 | [Owner : |Parent : 900] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.88) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe 2856 | [Owner : |Parent : 2752] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.295) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 2876 | [Owner : |Parent : 2752] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.295) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 2952 | [Owner : |Parent : 900] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.19041.964) = C:\Windows\System32\spoolsv.exe 3420 | [Owner : Système |Parent : 900] - (.Adobe Inc. - Adobe Acrobat Update Service.) - (1.824.42.176) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 3432 | [Owner : Système |Parent : 900] - (.Apple Inc. - Bonjour Service.) - (3.0.0.10) = C:\Program Files\Bonjour\mDNSResponder.exe 3440 | [Owner : Système |Parent : 900] - (.CGMHub - CGMHub.) - (1.1.1.3) = C:\Program Files (x86)\CGM\CGMHub\CGMHub.exe 3500 | [Owner : Système |Parent : 900] - (.Seiko Epson Corporation - Epson Scanner Service (64bit).) - (1.1.0.1) = C:\Windows\System32\escsvc64.exe 3564 | [Owner : Système |Parent : 900] - (.Seiko Epson Corporation - MyEpson Portal Service.) - (1.0.3.3) = C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe 3588 | [Owner : Système |Parent : 900] - (.Realtek Semiconductor Corp. - Realtek Bluetooth BTDevManager Service Application.) - (1.1.26.1) = C:\Windows\RtkBtManServ.exe 3636 | [Owner : |Parent : 900] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.2104.14) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe 5032 | [Owner : Jean Marie CARRIBON |Parent : 3564] - (.Seiko Epson Corporation - MyEpson Portal.) 
- (1.1.3.4) = C:\Program Files (x86)\epson\MyEpson Portal\mep.exe 1368 | [Owner : Jean Marie CARRIBON |Parent : 1300] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.19041.746) = C:\Windows\System32\sihost.exe 3628 | [Owner : Jean Marie CARRIBON |Parent : 900] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe 2264 | [Owner : Jean Marie CARRIBON |Parent : 1300] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.19041.906) = C:\Windows\System32\taskhostw.exe 4524 | [Owner : Jean Marie CARRIBON |Parent : 2812] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.19041.964) = C:\Windows\explorer.exe 5012 | [Owner : Jean Marie CARRIBON |Parent : 1360] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.19041.1) = C:\Windows\System32\ctfmon.exe 5248 | [Owner : Jean Marie CARRIBON |Parent : 900] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.546) = C:\Windows\System32\svchost.exe 5556 | [Owner : Jean Marie CARRIBON |Parent : 820] - (. - .) - (0.0.0.0) = C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe 5720 | [Owner : Jean Marie CARRIBON |Parent : 820] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe 6004 | [Owner : LogonSessionId_0_638580 |Parent : 900] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.19041.844) = C:\Windows\System32\SearchIndexer.exe 2308 | [Owner : Jean Marie CARRIBON |Parent : 820] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe 6660 | [Owner : Jean Marie CARRIBON |Parent : 820] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe 7100 | [Owner : Jean Marie CARRIBON |Parent : 4524] - (.Microsoft Corporation - Windows Security notification icon.) 
- (10.0.19041.1) = C:\Windows\System32\SecurityHealthSystray.exe 7132 | [Owner : |Parent : 900] - (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthService.exe 4372 | [Owner : Jean Marie CARRIBON |Parent : 4524] - (.Acronis International GmbH - Acronis Scheduler Service Helper.) - (8.0.1.11450) = C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe 6528 | [Owner : Aucun |Parent : 4444] - (.Microsoft Corporation - Outil de configuration du Planificateur de tâches.) - (10.0.19041.906) = C:\Windows\System32\schtasks.exe 6544 | [Owner : Aucun |Parent : 6528] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.19041.964) = C:\Windows\System32\conhost.exe 3512 | [Owner : Jean Marie CARRIBON |Parent : 4524] - (.Seiko Epson Corporation - Epson Software Updater.) - (1.0.0.0) = C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE 6876 | [Owner : Jean Marie CARRIBON |Parent : 4524] - (.Skype Technologies S.A. - Skype.) - (8.68.0.96) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe 1004 | [Owner : Jean Marie CARRIBON |Parent : 4524] - (.ASIP SANTE - Gestionnaire de certificats CPS WIN 64 (Version Release).) - (3.13.0.0) = C:\Program Files\santesocial\CPS\CCM.exe 2164 | [Owner : Jean Marie CARRIBON |Parent : 1496] - (.Hagel Technologies Ltd - DU Meter.) - (3.50.2822.0) = C:\Program Files (x86)\DU Meter\DUMeter.exe 2928 | [Owner : Jean Marie CARRIBON |Parent : 1004] - (.GIE SESAM VITALE - ASIP SANTE - Serveur du Gestionnaire d'Acces au Lecteur WIN 64 sur NP (RELEASE) .) - (3.42.0.0) = C:\Program Files\santesocial\galss\galsvw64.exe 1820 | [Owner : Jean Marie CARRIBON |Parent : 1496] - (.CNAMTS - GIE SESAM-Vitale - SrvSVCNAM.) - (3.40.0.0) = C:\Program Files (x86)\santesocial\srvsvcnam\SRVSVCNAM.exe 4500 | [Owner : Jean Marie CARRIBON |Parent : 6876] - (.Skype Technologies S.A. - Skype.) 
- (8.68.0.96) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe 6128 | [Owner : Jean Marie CARRIBON |Parent : 1496] - (.SEIKO EPSON CORPORATION - Fax Reception.) - (3.0.2.1) = C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe 6956 | [Owner : Jean Marie CARRIBON |Parent : 1496] - (.SEIKO EPSON CORPORATION - Fax Transmission.) - (3.0.2.1) = C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe 3384 | [Owner : Jean Marie CARRIBON |Parent : 6876] - (.Skype Technologies S.A. - Skype.) - (8.68.0.96) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe 2808 | [Owner : Jean Marie CARRIBON |Parent : 1496] - (.SEIKO EPSON CORPORATION - EEventManager Application.) - (3.2.0.0) = C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe 6340 | [Owner : Jean Marie CARRIBON |Parent : 6876] - (.Skype Technologies S.A. - Skype.) - (8.68.0.96) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe 5040 | [Owner : Jean Marie CARRIBON |Parent : 1496] - (. - .) - (4.0.0.4) = C:\Ariane\Ariane\Ariane.exe 3456 | [Owner : Jean Marie CARRIBON |Parent : 1496] - (.Wondershare - Wondershare Studio.) - (2.6.0.1) = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe 1096 | [Owner : Jean Marie CARRIBON |Parent : 1300] - (.Realtek Semiconductor - Gestionnaire audio HD Realtek.) - (1.0.693.0) = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe 2144 | [Owner : Aucun |Parent : 4684] - (.Piriform Software Ltd - CCleaner.) - (5.79.0.8704) = C:\Program Files\CCleaner\CCleaner64.exe 6640 | [Owner : Jean Marie CARRIBON |Parent : 6876] - (.Skype Technologies S.A. - Skype.) - (8.68.0.96) = C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.68.96.0_x86__kzf8qxf38zg5c\Skype\Skype.exe 7640 | [Owner : Système |Parent : 4408] - (.Google LLC - Google Crash Handler.) 
- (1.3.36.81) = C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler.exe 7676 | [Owner : Système |Parent : 4408] - (.Google LLC - Google Crash Handler.) - (1.3.36.81) = C:\Program Files (x86)\Google\Update\1.3.36.82\GoogleCrashHandler64.exe 7420 | [Owner : Jean Marie CARRIBON |Parent : 820] - (.Microsoft Corporation - Application Frame Host.) - (10.0.19041.746) = C:\Windows\System32\ApplicationFrameHost.exe 2192 | [Owner : Jean Marie CARRIBON |Parent : 820] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe 5448 | [Owner : Jean Marie CARRIBON |Parent : 820] - (.Microsoft Corporation - User OOBE Broker.) - (10.0.19041.746) = C:\Windows\System32\oobe\UserOOBEBroker.exe 4752 | [Owner : Jean Marie CARRIBON |Parent : 820] - (. - .) - (2020.20120.4004.0) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 6996 | [Owner : Jean Marie CARRIBON |Parent : 820] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe 4720 | [Owner : Aucun |Parent : 1300] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.19041.906) = C:\Windows\System32\taskhostw.exe 6884 | [Owner : Jean Marie CARRIBON |Parent : 820] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.19041.844) = C:\Windows\System32\smartscreen.exe 5148 | [Owner : Jean Marie CARRIBON |Parent : 4524] - (.Microsoft Corporation - Microsoft Edge.) - (90.0.818.62) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 1200 | [Owner : Jean Marie CARRIBON |Parent : 5148] - (.Microsoft Corporation - Microsoft Edge.) - (90.0.818.62) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 216 | [Owner : Jean Marie CARRIBON |Parent : 5148] - (.Microsoft Corporation - Microsoft Edge.) 
- (90.0.818.62) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 7424 | [Owner : Jean Marie CARRIBON |Parent : 5148] - (.Microsoft Corporation - Microsoft Edge.) - (90.0.818.62) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2972 | [Owner : Jean Marie CARRIBON |Parent : 820] - (.Microsoft Corporation - .) - (2001.22012.0.2020) = C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe 6496 | [Owner : Jean Marie CARRIBON |Parent : 5148] - (.Microsoft Corporation - Microsoft Edge.) - (90.0.818.62) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 7920 | [Owner : Jean Marie CARRIBON |Parent : 5148] - (.Microsoft Corporation - Microsoft Edge.) - (90.0.818.62) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2844 | [Owner : Jean Marie CARRIBON |Parent : 820] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe 3916 | [Owner : Jean Marie CARRIBON |Parent : 5148] - (.Microsoft Corporation - Microsoft Edge.) - (90.0.818.62) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2864 | [Owner : Jean Marie CARRIBON |Parent : 5148] - (.Microsoft Corporation - Microsoft Edge.) - (90.0.818.62) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 1384 | [Owner : Jean Marie CARRIBON |Parent : 5148] - (.Microsoft Corporation - Microsoft Edge.) - (90.0.818.62) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ¤¤¤¤¤¤¤¤¤¤ # Winlogon user ¤¤¤¤¤¤¤¤¤¤ # Winlogon machine Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : -> C:\WINDOWS\SYSWOW64\userinit.exe, ¤¤¤¤¤¤¤¤¤¤ # SafeBoot Safeboot Keys are O.K Alternate shell is OK ! 
¤¤¤¤¤¤¤¤¤¤ | Winsock ¤¤¤¤¤¤¤¤¤¤ # IFEO ¤¤¤¤¤¤¤¤¤¤ # Mountpoints2 ¤¤¤¤¤¤¤¤¤¤ # Windows [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon ¤¤¤¤¤¤¤¤¤¤ # Security center Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\WINDOWS\System32\ActionCenter.dll ¤¤¤¤¤¤¤¤¤¤ # Services Impossible to restore service : BROWSER Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Browser]~[Start] : -> 3 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2 Repaired :
[HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : -> 2 Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2 ¤¤¤¤¤¤¤¤¤¤ # Internet Explorer ¤¤¤¤¤¤¤¤¤¤ # reparsepoint ¤¤¤¤¤¤¤¤¤¤ # Offsets ¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2982999039-1405869219-2042017926-1001\$I0GJUS3.dll Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2982999039-1405869219-2042017926-1001\$IKYSTGP.exe Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2982999039-1405869219-2042017926-1001\$R0GJUS3.dll Moved to quarantine successfully : C:\$Recycle.bin\S-1-5-21-2982999039-1405869219-2042017926-1001\$RKYSTGP.exe Deleted : HKU\S-1-5-21-2982999039-1405869219-2042017926-1001\Software\(null) Deleted : HKLM\Software\dotnet Deleted : HKLM\Software\Nico Mak Computing Deleted : HKLM\Software\WOW6432Node\dotnet Moved to quarantine successfully : C:\WINDOWS\Tasks\ASO-AutoCheckUpdate7Days.job Deleted : [HKLM\Software\Microsoft\Windows\CurrentVersion\Run]~[Wondershare Helper Compact.exe] : C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe Deleted : [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]~[DU Meter] : C:\Program Files (x86)\DU Meter\DUMeter.exe Deleted : [HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]~[Wondershare Helper Compact.exe] : C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe Moved to quarantine successfully : H:\Start.exe Moved to quarantine successfully : C:\gdiplus.dll Moved to quarantine successfully : I:\Lecteur de CD - Raccourci.lnk Moved to quarantine successfully : H:\Disque local (J) - Raccourci.lnk Moved to quarantine successfully : H:\SDXC (F) - Raccourci.lnk Will be moved in quarantine at reboot : C:\DumpStack.log.tmp Will be moved in quarantine at reboot : C:\DumpStack.log.tmp Moved to 
quarantine successfully : C:\ProgramData\ss.ini Will be moved in quarantine at reboot : C:\ProgramData\ss.ini ¤¤¤¤¤¤¤¤¤¤ # ADS ¤¤¤¤¤¤¤¤¤¤ # Prefetch cleaned H:\ : Vaccinated (Vaccin created by Pre_Scan) I:\ : Vaccinated (Vaccin created by Pre_Scan) K:\ : Vaccinated (Vaccin created by Pre_Scan) ¤¤¤¤¤¤¤¤¤¤ | Hidden files ~ [Drive Z:] : Hidden : 10 | Restored : 10 ~ [Drive C:] : Hidden : 4 | Restored : 3 ~ [Program Files] : Hidden : 4 | Restored : 4 ~ [Pictures] : Hidden : 3 | Restored : 3 ~ [Windows] : Hidden : 16 | Restored : 13 ~ [AppData] : Hidden : 2 | Restored : 2 End : 12:28:45 ¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 346