¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V9_18.10.19.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 07:45:13 01/23/2023

Updated 18/10/2019 | 07:30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[roman's vil6 suite (Administrator)] - [DESKTOP-IHFM53N]
SID = S-1-5-21-981079248-4165750198-1009296217-1001
Boot: Normal boot
System : Windows 10 Enterprise (64 bits) Enterprise
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius

Memory
RAM = Total (MB) : 3748 | Free (MB) : 1528
Pagefile = Total (MB) : 8228 | Free (MB) : 5098
Virtual = Total (MB) : 4194 | Free (MB) : 3786

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

¤¤¤¤¤¤¤¤¤¤¤ # Drives
Z:\-> [Removable] | [AVIRA MULTI] | Total : 24.28 Go | Free : 23.66 Go -> FAT32 [USB]
Y:\-> [Removable] | [DRBL XFCE] | Total : 29.28 Go | Free : 15.75 Go -> FAT32 [USB]
X:\-> [Removable] | [sardu fold-it] | Total : 14.92 Go | Free : 2.21 Go -> NTFS [USB]
V:\-> [Removable] | [W7 OU COMOD] | Total : 10.99 Go | Free : 10.91 Go -> FAT32
T:\-> [Removable] | [COMODO RESC] | Total : 24.28 Go | Free : 24.2 Go -> FAT32 [USB]
R:\-> [Removable] | [AVIRA LIVE] | Total : 29.28 Go | Free : 29.28 Go -> FAT32 [USB]
Q:\-> [Removable] | [AVIRA-LIVE] | Total : 14.63 Go | Free : 14 Go -> FAT32 [USB]
O:\-> [Removable] | [ADAWARE RES] | Total : 29.77 Go | Free : 29.77 Go -> FAT32 [USB]
K:\-> [CDROM] | [PANA-UDF] | Total : 4.27 Go | Free : 4.26 Go -> UDF [SATA]
J:\-> [Removable] | [CCSA_X64FRE_FR-FR_DV5] | Total : 57.91 Go | Free : 31.79 Go -> NTFS [USB]
H:\-> [Fixed] | [os deros illu'apps timof non sec] | Total : 69.33 Go | Free : 67.89 Go -> NTFS [SATA]
D:\-> [Fixed] | [] | Total : 151.57 Go | Free : 55.82 Go -> NTFS [SATA]
C:\-> [Fixed] | [] | Total : 54.58 Go | Free : 1.14 Go -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\roman's vil6 suite

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [23.01.2023 @ 06_56_16])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.19041.1566 (© Microsoft Corporation. Tous droits réservés.)
FF : 109.0.0.8412 (©Firefox and Mozilla Developers; available under the MPL 2 license.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

¤¤¤¤¤¤¤¤¤¤ # Security
AV : 360 Total Security Enabled
AS :
FW : COMODO Firewall Enabled
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
11416 | [Owner : roman's vil6 suite |Parent : 12080] - (.Spotify Ltd - Spotify.) - (1.2.3.1115) = C:\Users\roman's vil6 suite\AppData\Roaming\Spotify\Spotify.exe
7836 | [Owner : roman's vil6 suite |Parent : 11416] - (.Spotify Ltd - Spotify.) - (1.2.3.1115) = C:\Users\roman's vil6 suite\AppData\Roaming\Spotify\Spotify.exe
12164 | [Owner : roman's vil6 suite |Parent : 11416] - (.Spotify Ltd - Spotify.) - (1.2.3.1115) = C:\Users\roman's vil6 suite\AppData\Roaming\Spotify\Spotify.exe
2736 | [Owner : roman's vil6 suite |Parent : 11416] - (.Spotify Ltd - Spotify.) - (1.2.3.1115) = C:\Users\roman's vil6 suite\AppData\Roaming\Spotify\Spotify.exe
9624 | [Owner : roman's vil6 suite |Parent : 11416] - (.Spotify Ltd - Spotify.) - (1.2.3.1115) = C:\Users\roman's vil6 suite\AppData\Roaming\Spotify\Spotify.exe
7360 | [Owner : roman's vil6 suite |Parent : 11416] - (.Spotify Ltd - Spotify.) - (1.2.3.1115) = C:\Users\roman's vil6 suite\AppData\Roaming\Spotify\Spotify.exe
2440 | [Owner : roman's vil6 suite |Parent : 1216] - (.Microsoft Corporation - Application Frame Host.) - (10.0.19041.746) = C:\Windows\System32\ApplicationFrameHost.exe
2836 | [Owner : roman's vil6 suite |Parent : 1656] - (.Systweak - Systweak Software Updater.) - (1.0.0.40303) = C:\Program Files (x86)\Systweak Software Updater\SystweakSoftwareUpdater.exe
2064 | [Owner : roman's vil6 suite |Parent : 2076] - (.Microsoft Corporation - Bloc-notes.) - (10.0.19041.1) = C:\Windows\System32\notepad.exe
7420 | [Owner : roman's vil6 suite |Parent : 10944] - (.Mozilla Corporation - Firefox.) - (109.0.0.8412) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4984 | [Owner : roman's vil6 suite |Parent : 6748] - (.Solvusoft - WinThruster automatic scan and notifications.) - (7.5.0.2) = V:\Program Files (x86)\WinThruster\WTNotifications.exe
9628 | [Owner : roman's vil6 suite |Parent : 10944] - (.Mozilla Corporation - Firefox.) - (109.0.0.8412) = C:\Program Files (x86)\Mozilla Firefox\firefox.exe
9276 | [Owner : roman's vil6 suite |Parent : 8820] - (.Solvusoft Corporation - DriverDoc.) - (6.2.825.0) = Q:\Program Files (x86)\DriverDoc\DriverDoc.exe
5244 | [Owner : roman's vil6 suite |Parent : 4940] - (.Avanquest - OneSafe Driver Manager.) - (6.0.690.0) = T:\Program Files (x86)\OneSafe\OneSafeDriverManager.exe
6032 | [Owner : roman's vil6 suite |Parent : 4940] - (.Avanquest - OneSafe Driver Manager Schedule.) - (6.0.0.0) = T:\Program Files (x86)\OneSafe\Extra\SDMSchedule.exe
9360 | [Owner : roman's vil6 suite |Parent : 5244] - (.Avanquest - OneSafe Driver Manager Tray.) - (6.0.690.0) = T:\Program Files (x86)\OneSafe\SDMTray.exe
4844 | [Owner : roman's vil6 suite |Parent : 3648] - (.WinZip Computing - WinZip Preloader.) - (24.0.13573.0) = C:\Program Files\WinZip\WzPreloader.exe
8636 | [Owner : roman's vil6 suite |Parent : 2076] - (.Microsoft Corporation - Installateur Windows®.) - (5.0.19041.2193) = C:\Windows\System32\msiexec.exe
4836 | [Owner : Système |Parent : 1040] - (.Microsoft Corporation - Installateur Windows®.) - (5.0.19041.2193) = C:\Windows\System32\msiexec.exe
11532 | [Owner : roman's vil6 suite |Parent : 4836] - (.Microsoft Corporation - Installateur Windows®.) - (5.0.19041.2193) = C:\Windows\SysWOW64\msiexec.exe
10356 | [Owner : roman's vil6 suite |Parent : 2076] - (.SPAMfighter ApS - DRIVERfighter Installation Package.) - (1.2.19.0) = H:\Download\DRIVERfighter_web.exe
8804 | [Owner : roman's vil6 suite |Parent : 10356] - (. - .) - (1.2.19.0) = C:\Users\ROMAN'~1\AppData\Local\Temp\DRF1674406138\DRPROSetup.exe
12572 | [Owner : roman's vil6 suite |Parent : 8804] - (.Microsoft Corporation - Installateur Windows®.) - (5.0.19041.2193) = C:\Windows\SysWOW64\msiexec.exe
13244 | [Owner : roman's vil6 suite |Parent : 4836] - (.Microsoft Corporation - Installateur Windows®.) - (5.0.19041.2193) = C:\Windows\SysWOW64\msiexec.exe
11760 | [Owner : roman's vil6 suite |Parent : 2864] - (.DriverFix - DriverFix.) - (4.2022.6.14) = C:\Program Files (x86)\DriverFix\DriverFix.exe
13088 | [Owner : roman's vil6 suite |Parent : 2076] - (.Microsoft Corporation - Win32 Cabinet Self-Extractor .) - (9.0.8112.16421) = H:\Download\SanDiskMediaManagerSetup.exe
2180 | [Owner : roman's vil6 suite |Parent : 13088] - (.Sandisk Corporation - Media Manager Setup Bootstrapper.) - (1.0.0.1) = C:\Users\ROMAN'~1\AppData\Local\Temp\IXP000.TMP\Setup.exe
12564 | [Owner : roman's vil6 suite |Parent : 2076] - (.SosVirus - QuickDiag.) - (29.10.19.1) = C:\Users\roman's vil6 suite\Desktop\quickdiag_V5_29.10.19.1.exe
8712 | [Owner : roman's vil6 suite |Parent : 2076] - (.Microsoft Corporation - Gestionnaire des tâches.) - (10.0.19041.1202) = C:\Windows\System32\Taskmgr.exe
12316 | [Owner : roman's vil6 suite |Parent : 1656] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.19041.1865) = C:\Windows\System32\taskhostw.exe
7316 | [Owner : roman's vil6 suite |Parent : 1216] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.19041.746) = C:\Windows\System32\rundll32.exe
8848 | [Owner : roman's vil6 suite |Parent : 1216] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.19041.746) = C:\Windows\System32\rundll32.exe
12604 | [Owner : roman's vil6 suite |Parent : 1216] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.19041.746) = C:\Windows\System32\rundll32.exe
3988 | [Owner : roman's vil6 suite |Parent : 8712] - (.Microsoft Corporation - Bloc-notes.) - (10.0.19041.1) = C:\Windows\System32\notepad.exe
9952 | [Owner : roman's vil6 suite |Parent : 1216] - (.Microsoft Corporation - Processus hôte Windows (Rundll32).) - (10.0.19041.746) = C:\Windows\System32\rundll32.exe
9224 | [Owner : roman's vil6 suite |Parent : 7936] - (.Tweaking.com - Tweaking.com - Windows Repair.) - (4.13.0.1) = C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe
3356 | [Owner : roman's vil6 suite |Parent : 2180] - (.Microsoft Corporation - Installateur Windows®.) - (5.0.19041.2193) = C:\Windows\SysWOW64\msiexec.exe
6824 | [Owner : roman's vil6 suite |Parent : 4836] - (.Microsoft Corporation - Installateur Windows®.) - (5.0.19041.2193) = C:\Windows\SysWOW64\msiexec.exe
12032 | [Owner : roman's vil6 suite |Parent : 9224] - (.Tweaking.com - Tweaking.com - Windows Repair Tray Icon.) - (4.1.0.0) = C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
3152 | [Owner : roman's vil6 suite |Parent : 1656] - (.Maxthon International ltd. - Maxthon.) - (5.3.8.2000) = C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe
7292 | [Owner : SERVICE LOCAL |Parent : 7868] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.19041.1806) = C:\Windows\System32\dasHost.exe
7424 | [Owner : SERVICE RÉSEAU |Parent : 7868] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (10.0.19041.1806) = C:\Windows\System32\dasHost.exe
10024 | [Owner : Système |Parent : 1040] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.19041.2486) = C:\Windows\System32\spoolsv.exe
5324 | [Owner : roman's vil6 suite |Parent : 4984] - (.Solvusoft - WinThruster.) - (7.5.0.2) = V:\Program Files (x86)\WinThruster\WinThruster.exe
1580 | [Owner : SERVICE LOCAL |Parent : 1040] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.19041.1865) = C:\Windows\System32\WUDFHost.exe
3268 | [Owner : SERVICE RÉSEAU |Parent : 1040] - (.Microsoft Corporation - Service de la plateforme de protection logicielle Microsoft.) - (10.0.19041.2486) = C:\Windows\System32\sppsvc.exe
3332 | [Owner : roman's vil6 suite |Parent : 1216] - (.Microsoft Corporation - Microsoft Phone Link.) - (1.22112.142.0) = C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22112.142.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
10948 | [Owner : roman's vil6 suite |Parent : 1216] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.19041.2364) = C:\Windows\System32\smartscreen.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : userinit.exe, -> C:\Windows\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ | Winsock

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2
Content of Z:\autorun.inf :
[autorun]
open=wubi.exe
icon=wubi.exe,0
label=Install Ubuntu
[Content]
MusicFiles=false
PictureFiles=false
VideoFiles=false
Content of Y:\autorun.inf :
Content of V:\autorun.inf :
Content of T:\autorun.inf :
Content of Q:\autorun.inf :

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]~[] : @SYS:DoesNotExist
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Deleted : HKU\S-1-5-18\Software\Locky
Deleted : HKU\S-1-5-18\Software\Nico Mak Computing
Deleted : HKU\S-1-5-21-981079248-4165750198-1009296217-1001_Classes\Software\Locky
Deleted : HKU\S-1-5-21-981079248-4165750198-1009296217-1001\Software\Locky