¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V9_18.10.19.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 13:30:27 02/02/2024
Updated 18/10/2019 | 07:30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html
[twist (Administrator)] - [CHUCHOTIS]
SID = S-1-5-21-1367221443-249768293-1022394803-1001
Boot: Normal boot
System : Windows 10 Enterprise (64 bits) Enterprise
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius
Memory RAM = Total (MB) : 3748 | Free (MB) : 1091
Pagefile = Total (MB) : 5414 | Free (MB) : 2246
Virtual = Total (MB) : 4194 | Free (MB) : 3948
¤¤¤¤¤¤¤¤¤¤ # Components of starting up
¤¤¤¤¤¤¤¤¤¤¤ # Drives
H:\ -> [CDROM] | [Roxio Game Capture HD Pro] | Total : 0.47 Go | Free : 0 Go -> UDF [ATAPI]
C:\ -> [Fixed] | [] | Total : 1862.5 Go | Free : 1767.81 Go -> NTFS [ATA]
¤¤¤¤¤¤¤¤¤¤ # Windows updates
Windows Is Activated
¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\twist
C:\Users\_ashbackup_
Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [02.02.2024 @ 13_10_51])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore
¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.22621.1 (© Microsoft Corporation. All rights reserved.)
¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
¤¤¤¤¤¤¤¤¤¤ # Security
AV : Avast Antivirus Enabled
AS :
FW : Avast Antivirus Enabled
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running
¤¤¤¤¤¤¤¤¤¤ # Stopped processes
1044 | [Owner : |Parent : 528] - (.Microsoft Corporation - Spooler SubSystem App.)
- (6.3.9600.17415) = C:\Windows\System32\spoolsv.exe 1272 | [Owner : |Parent : 528] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.5.218.0) = C:\Program Files\Windows Defender\MsMpEng.exe 1340 | [Owner : LOCAL SERVICE |Parent : 992] - (.Microsoft Corporation - Device Association Framework Provider Host.) - (6.3.9600.17415) = C:\Windows\System32\dasHost.exe 2532 | [Owner : twister1a63 |Parent : 824] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.3.9600.17415) = C:\Windows\System32\taskhostex.exe 2636 | [Owner : twister1a63 |Parent : 3068] - (.Systweak Software - Advanced System Protector.) - (2.5.1111.29111) = C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe 1824 | [Owner : SYSTEM |Parent : 528] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.9600.17415) = C:\Windows\System32\SearchIndexer.exe 3348 | [Owner : LOCAL SERVICE |Parent : 824] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.3.9600.17415) = C:\Windows\System32\taskhost.exe 2484 | [Owner : SYSTEM |Parent : 528] - (.AMD - AMD External Events Service Module.) - (6.14.11.1164) = C:\Windows\System32\atiesrxx.exe 1580 | [Owner : SYSTEM |Parent : 2484] - (.AMD - AMD External Events Client Module.) - (6.14.11.1164) = C:\Windows\System32\atieclxx.exe 2424 | [Owner : SYSTEM |Parent : 528] - (.Advanced Micro Devices, Inc. - AMD Fuel Service.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe 3472 | [Owner : twister1a63 |Parent : 4580] - (. - .) - (5.2.2.0) = C:\Program Files\UCheck\UCheck64.exe 3192 | [Owner : SYSTEM |Parent : 528] - (.GlavSoft LLC. - TightVNC Server.) - (2.8.81.0) = C:\Program Files\TightVNC\tvnserver.exe 1780 | [Owner : SYSTEM |Parent : 3740] - (.GlavSoft LLC. - TightVNC Server.) - (2.8.81.0) = C:\Program Files\TightVNC\tvnserver.exe 1460 | [Owner : twister1a63 |Parent : 824] - (.Microsoft Corporation - Host Process for Windows Tasks.) 
- (6.3.9600.17415) = C:\Windows\System32\taskhost.exe 3740 | [Owner : SYSTEM |Parent : 528] - (.voidtools - Everything.) - (1.4.1.1024) = C:\Program Files\Everything\Everything.exe 2288 | [Owner : twister1a63 |Parent : 2712] - (.f.lux Software LLC - f.lux.) - (4.131.0.0) = C:\Users\twister1a63\AppData\Local\FluxSoftware\Flux\flux.exe 4288 | [Owner : SYSTEM |Parent : 528] - (. - .) - (0.0.0.0) = C:\Program Files\NZXT CAM\resources\app.asar.unpacked\node_modules\@nzxt\cam-core\dist\target\x86_64-pc-windows-msvc\release\service.exe 1872 | [Owner : twister1a63 |Parent : 3744] - (.Open-Shell - Open-Shell Menu.) - (4.4.191.0) = C:\Program Files\Open-Shell\StartMenu.exe 4624 | [Owner : SYSTEM |Parent : 528] - (.Bitsum LLC - Service helper module.) - (12.4.7.20) = C:\Program Files\Process Lasso\srvstub.exe 4576 | [Owner : SYSTEM |Parent : 4624] - (.Bitsum LLC - Process Lasso Core Engine.) - (12.4.7.20) = C:\Program Files\Process Lasso\ProcessGovernor.exe 4872 | [Owner : twister1a63 |Parent : 824] - (.Bitsum LLC - Process Lasso Session Agent.) - (12.4.7.20) = C:\Program Files\Process Lasso\bitsumsessionagent.exe 3760 | [Owner : twister1a63 |Parent : 3568] - (.Bitsum LLC - Process Lasso.) - (12.4.7.20) = C:\Program Files\Process Lasso\ProcessLasso.exe 4040 | [Owner : SYSTEM |Parent : 528] - (. - TeraCopy.) - (3.10.0.0) = C:\Program Files\TeraCopy\TeraCopyService.exe 4708 | [Owner : SYSTEM |Parent : 528] - (.Dropbox, Inc. - Dropbox Service.) - (1.0.24.0) = C:\Windows\System32\DbxSvc.exe 1448 | [Owner : twister1a63 |Parent : 1844] - (.Dropbox, Inc. - Dropbox.) - (191.4.4995.0) = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 932 | [Owner : twister1a63 |Parent : 1448] - (.Dropbox, Inc. - Dropbox.) - (191.4.4995.0) = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 4564 | [Owner : twister1a63 |Parent : 1448] - (.Dropbox, Inc. - Dropbox.) 
- (191.4.4995.0) = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 4940 | [Owner : twister1a63 |Parent : 484] - (.Microsoft Corporation - Windows Explorer.) - (6.3.9600.17415) = C:\Windows\explorer.exe 4104 | [Owner : twister1a63 |Parent : 1448] - (.Dropbox, Inc. - Dropbox.) - (191.4.4995.0) = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 1504 | [Owner : twister1a63 |Parent : 1448] - (.Dropbox, Inc. - Dropbox.) - (191.4.4995.0) = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 2196 | [Owner : twister1a63 |Parent : 600] - (.Microsoft Corporation - Runtime Broker.) - (6.3.9600.17415) = C:\Windows\System32\RuntimeBroker.exe 4188 | [Owner : twister1a63 |Parent : 1448] - (.Dropbox, Inc. - Dropbox.) - (191.4.4995.0) = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 4324 | [Owner : twister1a63 |Parent : 1448] - (.Dropbox, Inc. - Dropbox.) - (191.4.4995.0) = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 264 | [Owner : twister1a63 |Parent : 1448] - (.Dropbox, Inc. - Dropbox.) - (191.4.4995.0) = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe 1320 | [Owner : twister1a63 |Parent : 1448] - (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.17416) = C:\Program Files\Internet Explorer\iexplore.exe 2488 | [Owner : twister1a63 |Parent : 1320] - (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.17416) = C:\Program Files (x86)\Internet Explorer\iexplore.exe 4696 | [Owner : twister1a63 |Parent : 3280] - (.Mozilla Corporation - Firefox.) - (115.7.0.8780) = C:\Program Files\Mozilla Firefox\firefox.exe 4028 | [Owner : twister1a63 |Parent : 4696] - (.Mozilla Corporation - Firefox.) - (115.7.0.8780) = C:\Program Files\Mozilla Firefox\firefox.exe 636 | [Owner : twister1a63 |Parent : 4696] - (.Mozilla Corporation - Firefox.) - (115.7.0.8780) = C:\Program Files\Mozilla Firefox\firefox.exe 2980 | [Owner : twister1a63 |Parent : 4696] - (.Mozilla Corporation - Firefox.) 
- (115.7.0.8780) = C:\Program Files\Mozilla Firefox\firefox.exe 380 | [Owner : twister1a63 |Parent : 4696] - (.Mozilla Corporation - Firefox.) - (115.7.0.8780) = C:\Program Files\Mozilla Firefox\firefox.exe 6656 | [Owner : twister1a63 |Parent : 4696] - (.Mozilla Corporation - Firefox.) - (115.7.0.8780) = C:\Program Files\Mozilla Firefox\firefox.exe 6664 | [Owner : twister1a63 |Parent : 4696] - (.Mozilla Corporation - Firefox.) - (115.7.0.8780) = C:\Program Files\Mozilla Firefox\firefox.exe 5520 | [Owner : twister1a63 |Parent : 4696] - (.Mozilla Corporation - Firefox.) - (115.7.0.8780) = C:\Program Files\Mozilla Firefox\firefox.exe 6792 | [Owner : twister1a63 |Parent : 4696] - (.Mozilla Corporation - Firefox.) - (115.7.0.8780) = C:\Program Files\Mozilla Firefox\firefox.exe 6304 | [Owner : twister1a63 |Parent : 4696] - (.Mozilla Corporation - Firefox.) - (115.7.0.8780) = C:\Program Files\Mozilla Firefox\firefox.exe 4904 | [Owner : twister1a63 |Parent : 4696] - (.Mozilla Corporation - Firefox.) - (115.7.0.8780) = C:\Program Files\Mozilla Firefox\firefox.exe 1456 | [Owner : twister1a63 |Parent : 4696] - (.Mozilla Corporation - Firefox.) - (115.7.0.8780) = C:\Program Files\Mozilla Firefox\firefox.exe 5212 | [Owner : SYSTEM |Parent : 1108] - (.Dropbox, Inc. - Dropbox Update.) - (1.3.863.1) = C:\Program Files (x86)\Dropbox\Update\1.3.863.1\DropboxCrashHandler.exe 3184 | [Owner : SYSTEM |Parent : 528] - (.KeepItSafe, Inc. - SugarSync Service.) - (1.0.0.0) = C:\Program Files (x86)\SugarSync\SugarSyncSvc.exe 3256 | [Owner : NETWORK SERVICE |Parent : 5488] - (.Microsoft Corporation - Microsoft Malware Protection Command Line Utility.) - (4.5.218.0) = C:\Program Files\Windows Defender\MpCmdRun.exe 5088 | [Owner : LOCAL SERVICE |Parent : 992] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (6.3.9600.17415) = C:\Windows\System32\WUDFHost.exe 4228 | [Owner : twister1a63 |Parent : 4940] - (.KVIrc Development Team - KVIrc.) 
- (5.2.0.0) = C:\Program Files\KVIrc\kvirc.exe 6540 | [Owner : twister1a63 |Parent : 4968] - (.www.microsip.org - MicroSIP.) - (3.21.3.0) = C:\Users\twister1a63\AppData\Local\MicroSIP\microsip.exe 7148 | [Owner : twister1a63 |Parent : 6264] - (.Skype Technologies S.A. - Skype.) - (8.111.0.607) = C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe 7352 | [Owner : twister1a63 |Parent : 7148] - (.Skype Technologies S.A. - Skype.) - (8.111.0.607) = C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe 7544 | [Owner : twister1a63 |Parent : 7148] - (.Skype Technologies S.A. - Skype.) - (8.111.0.607) = C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe 7596 | [Owner : twister1a63 |Parent : 7148] - (.Skype Technologies S.A. - Skype.) - (8.111.0.607) = C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe 7844 | [Owner : twister1a63 |Parent : 7148] - (.Skype Technologies S.A. - Skype.) - (8.111.0.607) = C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe 7232 | [Owner : SYSTEM |Parent : 528] - (.Microsoft Corporation - Windows Modules Installer.) - (6.3.9600.17415) = C:\Windows\servicing\TrustedInstaller.exe 6812 | [Owner : SYSTEM |Parent : 600] - (.Microsoft Corporation - Windows Modules Installer Worker.) - (6.3.9600.17031) = C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe 7740 | [Owner : twister1a63 |Parent : 4940] - (.Microsoft Corporation - Notepad.) - (6.3.9600.17415) = C:\Windows\System32\notepad.exe 5192 | [Owner : SYSTEM |Parent : 1824] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.9600.17415) = C:\Windows\System32\SearchProtocolHost.exe 7812 | [Owner : twister1a63 |Parent : 6956] - (.Voicemod - Voicemod.) - (2.47.0.0) = C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe 4444 | [Owner : SYSTEM |Parent : 528] - (.Microsoft Corporation - Windows® installer.) 
- (5.0.9600.17415) = C:\Windows\System32\msiexec.exe 4516 | [Owner : twister1a63 |Parent : 7812] - (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.17416) = C:\Program Files\Internet Explorer\iexplore.exe 4220 | [Owner : twister1a63 |Parent : 4516] - (.Microsoft Corporation - Internet Explorer.) - (11.0.9600.17416) = C:\Program Files (x86)\Internet Explorer\iexplore.exe 276 | [Owner : SYSTEM |Parent : 528] - (.Zoom Video Communications, Inc. - Zoom Sharing Service.) - (5.17.5.31030) = C:\Program Files\Common Files\Zoom\Support\CptService.exe 3596 | [Owner : twister1a63 |Parent : 3472] - (.Microsoft Corporation - Windows® installer.) - (5.0.9600.17415) = C:\Windows\System32\msiexec.exe 6260 | [Owner : twister1a63 |Parent : 7796] - (.Microsoft Corporation - Windows Defender User Interface.) - (4.5.218.0) = C:\Program Files\Windows Defender\MSASCui.exe 2672 | [Owner : |Parent : 388] - (.AVAST Software - Avast remediation exe.) - (21.4.6162.0) = C:\Program Files\Avast Software\Avast\wsc_proxy.exe 3396 | [Owner : |Parent : 388] - (.AVAST Software - Avast Service.) - (23.12.8700.0) = C:\Program Files\Avast Software\Avast\AvastSvc.exe 3808 | [Owner : LogonSessionId_0_224767 |Parent : 388] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.22621.521) = C:\Windows\System32\spoolsv.exe 4692 | [Owner : |Parent : 388] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.23110.3) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe 5432 | [Owner : SYSTEM |Parent : 4316] - (.Microsoft Corporation - Microsoft (R) Aggregator Host.) - (10.0.22621.1) = C:\Windows\System32\AggregatorHost.exe 6068 | [Owner : SYSTEM |Parent : 5920] - (.Microsoft Corporation - Usermode Font Driver Host.) - (10.0.22621.317) = C:\Windows\System32\fontdrvhost.exe 4044 | [Owner : twist |Parent : 388] - (. - .) 
- (0.0.0.0) = C:\Program Files\Ashampoo\Ashampoo Backup 2023\bin\backupService-ab.exe 3816 | [Owner : |Parent : 388] - (.Avira Operations GmbH - Endpoint Protection Service.) - (1.0.2401.1464) = C:\Program Files (x86)\Systweak Antivirus\configuration\Endpoint Protection SDK\endpointprotection.exe 2128 | [Owner : LogonSessionId_0_694312 |Parent : 388] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.22621.317) = C:\Windows\System32\SearchIndexer.exe 4740 | [Owner : |Parent : 388] - (.AVAST Software - Avast Software Analyzer.) - (23.12.8700.0) = C:\Program Files\Avast Software\Avast\aswidsagent.exe 6940 | [Owner : SYSTEM |Parent : 816] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.22621.1) = C:\Windows\System32\wbem\unsecapp.exe 6824 | [Owner : |Parent : 388] - (.Microsoft Corporation - Windows Security Health Service.) - (10.0.22621.317) = C:\Windows\System32\SecurityHealthService.exe 276 | [Owner : SYSTEM |Parent : 1544] - (.Microsoft Corp. - Disk Defragmenter Module.) - (10.0.22621.1) = C:\Windows\System32\Defrag.exe 1276 | [Owner : SYSTEM |Parent : 276] - (.Microsoft Corporation - Console Window Host.) - (10.0.22621.457) = C:\Windows\System32\conhost.exe 1348 | [Owner : twist |Parent : 1800] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.22621.1) = C:\Windows\System32\sihost.exe 3280 | [Owner : twist |Parent : 388] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.22621.1) = C:\Windows\System32\svchost.exe 4500 | [Owner : twist |Parent : 388] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.22621.1) = C:\Windows\System32\svchost.exe 6480 | [Owner : twist |Parent : 388] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.22621.1) = C:\Windows\System32\svchost.exe 2252 | [Owner : twist |Parent : 1544] - (.Microsoft Corporation - Host Process for Windows Tasks.) 
- (10.0.22621.1) = C:\Windows\System32\taskhostw.exe 7576 | [Owner : twist |Parent : 7488] - (.Microsoft Corporation - Windows Explorer.) - (10.0.22621.457) = C:\Windows\explorer.exe 8000 | [Owner : twist |Parent : 3036] - (.Microsoft Corporation - CTF Loader.) - (10.0.22621.1) = C:\Windows\System32\ctfmon.exe 8080 | [Owner : twist |Parent : 388] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.22621.1) = C:\Windows\System32\svchost.exe 7388 | [Owner : twist |Parent : 388] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.22621.1) = C:\Windows\System32\svchost.exe 7832 | [Owner : twist |Parent : 388] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.22621.1) = C:\Windows\System32\svchost.exe 6624 | [Owner : LOCAL SERVICE |Parent : 388] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (10.0.22621.1) = C:\Windows\System32\WUDFHost.exe 10180 | [Owner : twist |Parent : 7576] - (.Opera Software - Opera Browser Assistant.) - (106.0.4998.16) = C:\Users\twist\AppData\Local\Programs\Opera\assistant\browser_assistant.exe 10112 | [Owner : twist |Parent : 10180] - (.Opera Software - Opera Browser Assistant.) - (106.0.4998.16) = C:\Users\twist\AppData\Local\Programs\Opera\assistant\browser_assistant.exe 9904 | [Owner : twist |Parent : 816] - (.Microsoft Corporation - Sink to receive asynchronous callbacks for WMI client application.) - (10.0.22621.1) = C:\Windows\System32\wbem\unsecapp.exe 9948 | [Owner : twist |Parent : 7576] - (.Malwarebytes - AdwCleaner.) - (8.4.1.0) = C:\Users\twist\Downloads\adwcleaner.exe 10168 | [Owner : SYSTEM |Parent : 388] - (.AVAST Software - Avast VPN Service.) - (5.29.9498.0) = C:\Program Files\Avast Software\SecureLine VPN\VpnSvc.exe 12532 | [Owner : twist |Parent : 816] - (.Microsoft Corporation - Windows Start Experience Host.) 
- (10.0.22621.317) = C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe 13624 | [Owner : twist |Parent : 816] - (.Microsoft Corporation - .) - (522.20204.0.0) = C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe 12856 | [Owner : twist |Parent : 816] - (.Microsoft Corporation - Runtime Broker.) - (10.0.22621.317) = C:\Windows\System32\RuntimeBroker.exe 13448 | [Owner : twist |Parent : 816] - (.Microsoft Corporation - Runtime Broker.) - (10.0.22621.317) = C:\Windows\System32\RuntimeBroker.exe 13820 | [Owner : twist |Parent : 7576] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 8500 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 9148 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 8512 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 13476 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 13348 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 11344 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 10172 | [Owner : SYSTEM |Parent : 388] - (.Razer Inc. - Razer Chroma SDK Service.) - (2.11.12.168) = C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe 11360 | [Owner : SYSTEM |Parent : 388] - (.Razer Inc. - Razer Chroma Stream Server.) 
- (1.2.3.52) = C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe 9248 | [Owner : SYSTEM |Parent : 388] - (.Razer Inc. - Razer Chroma SDK REST Server.) - (1.10.0.178) = C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe 3352 | [Owner : twist |Parent : 816] - (.Microsoft Corporation - Microsoft Teams Updater.) - (23335.242.2641.4129) = C:\Program Files\WindowsApps\MicrosoftTeams_23335.242.2641.4129_x64__8wekyb3d8bbwe\msteamsupdate.exe 8712 | [Owner : twist |Parent : 816] - (.Microsoft Corporation - Microsoft Teams Updater.) - (23335.242.2641.4129) = C:\Program Files\WindowsApps\MicrosoftTeams_23335.242.2641.4129_x64__8wekyb3d8bbwe\msteamsupdate.exe 9524 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 10276 | [Owner : twist |Parent : 816] - (.Microsoft Corporation - Microsoft Outlook Communications.) - (16.0.14326.20544) = C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.20544.0_x64__8wekyb3d8bbwe\HxTsr.exe 11064 | [Owner : SYSTEM |Parent : 10172] - (.Razer Inc. - Razer Chroma SDK Service Host.) - (1.0.0.18) = C:\Program Files (x86)\Razer Chroma SDK\bin\RzAppManager 10512 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 8556 | [Owner : SYSTEM |Parent : 10172] - (.Razer Inc. - Razer Chroma SDK Service Host.) - (1.0.0.18) = C:\Program Files (x86)\Razer Chroma SDK\bin\RzDiagnostic 4404 | [Owner : SYSTEM |Parent : 11064] - (.Microsoft Corporation - Console Window Host.) - (10.0.22621.457) = C:\Windows\System32\conhost.exe 6684 | [Owner : SYSTEM |Parent : 8556] - (.Microsoft Corporation - Console Window Host.) - (10.0.22621.457) = C:\Windows\System32\conhost.exe 12920 | [Owner : twist |Parent : 816] - (.Microsoft Corporation - Runtime Broker.) 
- (10.0.22621.317) = C:\Windows\System32\RuntimeBroker.exe 3448 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 7368 | [Owner : SYSTEM |Parent : 10172] - (.Razer Inc. - Razer Chroma SDK Service Host.) - (1.0.0.18) = C:\Program Files (x86)\Razer Chroma SDK\bin\RzIoTDeviceManager 10068 | [Owner : SYSTEM |Parent : 7368] - (.Microsoft Corporation - Console Window Host.) - (10.0.22621.457) = C:\Windows\System32\conhost.exe 4372 | [Owner : twist |Parent : 816] - (.Microsoft Corporation - Runtime Broker.) - (10.0.22621.317) = C:\Windows\System32\RuntimeBroker.exe 13500 | [Owner : SYSTEM |Parent : 10172] - (.Razer Inc. - Razer Chroma SDK Service Host.) - (1.0.0.18) = C:\Program Files (x86)\Razer Chroma SDK\bin\RzSmartlightingDeviceManager 9052 | [Owner : SYSTEM |Parent : 13500] - (.Microsoft Corporation - Console Window Host.) - (10.0.22621.457) = C:\Windows\System32\conhost.exe 11676 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 10724 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 10404 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 9560 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 10964 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 8096 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) 
- (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 11444 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 4972 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 216 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 10460 | [Owner : twist |Parent : 816] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.22621.1) = C:\Windows\System32\smartscreen.exe 9364 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 10088 | [Owner : twist |Parent : 816] - (.Microsoft Corporation - CHXSmartScreen.exe.) - (10.0.22621.1) = C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe 10012 | [Owner : twist |Parent : 816] - (.Microsoft Corporation - Runtime Broker.) - (10.0.22621.317) = C:\Windows\System32\RuntimeBroker.exe 13052 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 4260 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 5720 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 11704 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 13232 | [Owner : twist |Parent : 13820] - (.Microsoft Corporation - Microsoft Edge.) 
- (121.0.2277.83) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 9740 | [Owner : SYSTEM |Parent : 4168] - (.Microsoft Corporation - Windows Update.) - (922.604.211.0) = C:\Windows\UUS\amd64\wuauclt.exe
¤¤¤¤¤¤¤¤¤¤ # Winlogon user
¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : -> C:\Windows\SYSWOW64\userinit.exe,
¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !
¤¤¤¤¤¤¤¤¤¤ | Winsock
¤¤¤¤¤¤¤¤¤¤ # IFEO
¤¤¤¤¤¤¤¤¤¤ # Mountpoints2
¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
¤¤¤¤¤¤¤¤¤¤ # Security center
Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\Windows\System32\ActionCenter.dll

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V9_18.10.19.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 10:42:02 02/04/2024
Updated 18/10/2019 | 07:30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html
[twist (Administrator)] - [CHUCHOTIS]
SID = S-1-5-21-1367221443-249768293-1022394803-1001
Boot: Normal boot
System : Windows 10 Enterprise (64 bits) Enterprise
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius
Memory RAM = Total (MB) : 3748 | Free (MB) : 1237
Pagefile = Total (MB) : 5189 | Free (MB) : 2601
Virtual = Total (MB) : 4194 | Free (MB) : 3966
¤¤¤¤¤¤¤¤¤¤ # Components of starting up
¤¤¤¤¤¤¤¤¤¤¤ # Drives
U:\ -> [Removable] | [XUBUNTU 22_] | Total : 29.28 Go | Free : 26.44 Go -> FAT32 [USB]
Q:\ -> [Removable] | [POWER2GO] | Total : 14.63 Go | Free : 14.63 Go -> FAT32 [USB]
O:\ -> [Removable] | [power2go] | Total : 29.3 Go | Free : 26.88 Go -> NTFS [USB]
L:\ -> [Removable] | [anti-ORLRem] | Total : 3.81 Go | Free : 3.78 Go -> NTFS [USB]
K:\ -> [Removable] | [raspbian sifatal suga 2x] | Total : 3.68 Go | Free : 3.63 Go -> NTFS [USB]
J:\ -> [Removable] | [comodo resc] | Total : 0 Go | Free : 0 Go -> exFAT [USB]
H:\ -> [CDROM] | [Roxio Game Capture HD Pro] | Total : 0.47 Go | Free : 0 Go -> UDF [ATAPI]
D:\ -> [Removable] | [AD-AWARE] | Total : 12.91 Go | Free : 4.96 Go -> FAT32 [USB]
C:\ -> [Fixed] | [] | Total : 1862.5 Go | Free : 1772.82 Go -> NTFS [ATA]
¤¤¤¤¤¤¤¤¤¤ # Windows updates
Windows Is Activated
¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\WINDOWS\system32\config\systemprofile
C:\WINDOWS\ServiceProfiles\LocalService
C:\WINDOWS\ServiceProfiles\NetworkService
C:\Users\twist
C:\Users\_ashbackup_
Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [04.02.2024 @ 10_36_07])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore
¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.22621.1 (© Microsoft Corporation. All rights reserved.)
¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
¤¤¤¤¤¤¤¤¤¤ # Security
AS :
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running
¤¤¤¤¤¤¤¤¤¤ # Stopped processes
1972 | [Owner : |Parent : 928] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe 2556 | [Owner : |Parent : 928] - (.Realtek Semiconductor - Realtek Audio Service.)
- (1.0.0.48) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe 2880 | [Owner : |Parent : 928] - (.Microsoft Corporation - Spooler SubSystem App.) - (10.0.22621.521) = C:\Windows\System32\spoolsv.exe 3048 | [Owner : SYSTEM |Parent : 2556] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.159) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe 3152 | [Owner : SYSTEM |Parent : 928] - (.Advanced Micro Devices, Inc. - AMD Fuel Service.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe 3936 | [Owner : SYSTEM |Parent : 1096] - (.Microsoft Corporation - Microsoft Edge Update.) - (1.3.155.85) = C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe 1964 | [Owner : |Parent : 928] - (.Microsoft Corporation - System Guard Runtime Monitor Broker Service.) - (10.0.22621.1) = C:\Windows\System32\Sgrm\SgrmBroker.exe 2328 | [Owner : |Parent : 928] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.2201.11) = C:\Program Files\Windows Defender\MsMpEng.exe 3768 | [Owner : LogonSessionId_0_484654 |Parent : 928] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.22621.317) = C:\Windows\System32\SearchIndexer.exe 2540 | [Owner : SYSTEM |Parent : 1984] - (.Microsoft Corporation - Microsoft (R) Aggregator Host.) - (10.0.22621.1) = C:\Windows\System32\AggregatorHost.exe 3272 | [Owner : SYSTEM |Parent : 1972] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe 2684 | [Owner : SYSTEM |Parent : 3768] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.22621.317) = C:\Windows\System32\SearchProtocolHost.exe 964 | [Owner : twist |Parent : 2788] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.22621.1) = C:\Windows\System32\sihost.exe 4788 | [Owner : twist |Parent : 928] - (.Microsoft Corporation - Host Process for Windows Services.) 
- (10.0.22621.1) = C:\Windows\System32\svchost.exe 156 | [Owner : twist |Parent : 928] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.22621.1) = C:\Windows\System32\svchost.exe 5328 | [Owner : twist |Parent : 928] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.22621.1) = C:\Windows\System32\svchost.exe 4864 | [Owner : twist |Parent : 5196] - (.Microsoft Corporation - Windows Explorer.) - (10.0.22621.457) = C:\Windows\explorer.exe 4652 | [Owner : twist |Parent : 1652] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (10.0.22621.1) = C:\Windows\System32\taskhostw.exe 3584 | [Owner : twist |Parent : 2532] - (.Microsoft Corporation - CTF Loader.) - (10.0.22621.1) = C:\Windows\System32\ctfmon.exe 4140 | [Owner : twist |Parent : 928] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.22621.1) = C:\Windows\System32\svchost.exe 5684 | [Owner : twist |Parent : 1880] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 5200 | [Owner : twist |Parent : 5684] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 4468 | [Owner : twist |Parent : 5684] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 584 | [Owner : twist |Parent : 5684] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 2420 | [Owner : twist |Parent : 5684] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 7160 | [Owner : twist |Parent : 928] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.22621.1) = C:\Windows\System32\svchost.exe 6784 | [Owner : twist |Parent : 4864] - (.Microsoft Corporation - Microsoft Teams.) 
- (23335.242.2641.4129) = C:\Program Files\WindowsApps\microsoftteams_23335.242.2641.4129_x64__8wekyb3d8bbwe\msteams.exe 6568 | [Owner : twist |Parent : 540] - (.Microsoft Corporation - .) - (522.20204.0.0) = C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe 5824 | [Owner : twist |Parent : 540] - (.Microsoft Corporation - Windows Start Experience Host.) - (10.0.22621.317) = C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe 6344 | [Owner : twist |Parent : 540] - (.Microsoft Corporation - Runtime Broker.) - (10.0.22621.317) = C:\Windows\System32\RuntimeBroker.exe 3616 | [Owner : twist |Parent : 540] - (.Microsoft Corporation - Runtime Broker.) - (10.0.22621.317) = C:\Windows\System32\RuntimeBroker.exe 7144 | [Owner : twist |Parent : 928] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.22621.1) = C:\Windows\System32\svchost.exe 3884 | [Owner : twist |Parent : 540] - (.Microsoft Corporation - Runtime Broker.) - (10.0.22621.317) = C:\Windows\System32\RuntimeBroker.exe 6916 | [Owner : twist |Parent : 6784] - (.Microsoft Corporation - Microsoft Edge WebView2.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.98\msedgewebview2.exe 5124 | [Owner : twist |Parent : 6916] - (.Microsoft Corporation - Microsoft Edge WebView2.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.98\msedgewebview2.exe 4612 | [Owner : twist |Parent : 6916] - (.Microsoft Corporation - Microsoft Edge WebView2.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.98\msedgewebview2.exe 6944 | [Owner : twist |Parent : 6916] - (.Microsoft Corporation - Microsoft Edge WebView2.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.98\msedgewebview2.exe 7016 | [Owner : twist |Parent : 6916] - (.Microsoft Corporation - Microsoft Edge WebView2.) 
- (121.0.2277.98) = C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.98\msedgewebview2.exe 2600 | [Owner : twist |Parent : 6916] - (.Microsoft Corporation - Microsoft Edge WebView2.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.98\msedgewebview2.exe 7704 | [Owner : twist |Parent : 4864] - (.Microsoft Corporation - Windows Security notification icon.) - (10.0.22621.317) = C:\Windows\System32\SecurityHealthSystray.exe 6668 | [Owner : |Parent : 928] - (.Microsoft Corporation - Windows Security Health Service.) - (10.0.22621.317) = C:\Windows\System32\SecurityHealthService.exe 6364 | [Owner : twist |Parent : 6168] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 3932 | [Owner : twist |Parent : 6364] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Host application.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 5372 | [Owner : twist |Parent : 540] - (.Microsoft Corporation - .) - (424.1301.2520.0) = C:\Program Files\WindowsApps\microsoftwindows.client.webexperience_424.1301.40.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe 4772 | [Owner : twist |Parent : 540] - (. - .) - (0.0.0.0) = C:\Program Files\WindowsApps\microsoftwindows.client.webexperience_424.1301.40.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe 6336 | [Owner : twist |Parent : 5372] - (.Microsoft Corporation - Microsoft Edge WebView2.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.98\msedgewebview2.exe 4920 | [Owner : twist |Parent : 6336] - (.Microsoft Corporation - Microsoft Edge WebView2.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.98\msedgewebview2.exe 6556 | [Owner : twist |Parent : 6336] - (.Microsoft Corporation - Microsoft Edge WebView2.) 
- (121.0.2277.98) = C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.98\msedgewebview2.exe 7076 | [Owner : twist |Parent : 6336] - (.Microsoft Corporation - Microsoft Edge WebView2.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.98\msedgewebview2.exe 3472 | [Owner : twist |Parent : 6336] - (.Microsoft Corporation - Microsoft Edge WebView2.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.98\msedgewebview2.exe 6736 | [Owner : twist |Parent : 6336] - (.Microsoft Corporation - Microsoft Edge WebView2.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.98\msedgewebview2.exe 5964 | [Owner : twist |Parent : 5684] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 6324 | [Owner : twist |Parent : 540] - (.Microsoft Corporation - Runtime Broker.) - (10.0.22621.317) = C:\Windows\System32\RuntimeBroker.exe 4972 | [Owner : twist |Parent : 5684] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 8200 | [Owner : twist |Parent : 5684] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 3876 | [Owner : twist |Parent : 9188] - (.Microsoft Corporation - Microsoft OneDrive.) - (24.10.114.3) = C:\Users\twist\AppData\Local\Microsoft\OneDrive\OneDrive.exe 10012 | [Owner : twist |Parent : 540] - (.Microsoft Corporation - Windows Shell Experience Host.) - (10.0.22621.457) = C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 5084 | [Owner : twist |Parent : 540] - (.Microsoft Corporation - Runtime Broker.) - (10.0.22621.317) = C:\Windows\System32\RuntimeBroker.exe 9312 | [Owner : twist |Parent : 5684] - (.Microsoft Corporation - Microsoft Edge.) 
- (121.0.2277.98) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 1636 | [Owner : LOCAL SERVICE |Parent : 928] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (10.0.22621.1) = C:\Windows\System32\WUDFHost.exe 11440 | [Owner : twist |Parent : 9504] - (. - .) - (0.0.0.0) = C:\Program Files\Microvirt\MEmu\adb.exe 10392 | [Owner : twist |Parent : 540] - (. - .) - (21.21030.25003.0) = C:\Program Files\WindowsApps\microsoft.windows.photos_21.21030.25003.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe 13016 | [Owner : twist |Parent : 540] - (.Microsoft Corporation - Runtime Broker.) - (10.0.22621.317) = C:\Windows\System32\RuntimeBroker.exe 10844 | [Owner : LOCAL SERVICE |Parent : 928] - (.Microsoft Corporation - Windows Driver Foundation - User-mode Driver Framework Host Process.) - (10.0.22621.1) = C:\Windows\System32\WUDFHost.exe 8004 | [Owner : twist |Parent : 5868] - (.Microvirt Software Technology Co. Ltd. - MEmu App Player.) - (9.0.9.3) = C:\Program Files\Microvirt\MEmu\MEmu.exe 11244 | [Owner : twist |Parent : 540] - (.Maiwei Corporation - MemuHyperv Interface.) - (5.1.34.21010) = C:\Program Files\Microvirt\MEmuHyperv\MEmuSVC.exe 12520 | [Owner : twist |Parent : 11244] - (.Maiwei Corporation - MemuHyperv Headless Frontend.) - (5.1.34.21010) = C:\Program Files\Microvirt\MEmuHyperv\MEmuHeadless.exe 10560 | [Owner : twist |Parent : 5684] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 11836 | [Owner : twist |Parent : 5684] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 12668 | [Owner : twist |Parent : 5684] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 3032 | [Owner : twist |Parent : 540] - (.Microsoft Corporation - Windows Defender SmartScreen.) 
- (10.0.22621.1) = C:\Windows\System32\smartscreen.exe 8928 | [Owner : twist |Parent : 540] - (.Microsoft Corporation - Application Frame Host.) - (10.0.22621.317) = C:\Windows\System32\ApplicationFrameHost.exe 6864 | [Owner : twist |Parent : 540] - (.Microsoft Corporation - Windows Defender application.) - (10.0.22621.1) = C:\Program Files\WindowsApps\microsoft.sechealthui_1000.22621.1.0_x64__8wekyb3d8bbwe\SecHealthUI.exe 10096 | [Owner : twist |Parent : 928] - (.Microsoft Corporation - Host Process for Windows Services.) - (10.0.22621.1) = C:\Windows\System32\svchost.exe 12068 | [Owner : twist |Parent : 540] - (.Microsoft Corporation - Windows Security Health Host.) - (10.0.22621.317) = C:\Windows\System32\SecurityHealthHost.exe 12252 | [Owner : twist |Parent : 540] - (.Microsoft Corporation - Windows Security Health Host.) - (10.0.22621.317) = C:\Windows\System32\SecurityHealthHost.exe 9700 | [Owner : twist |Parent : 5684] - (.Microsoft Corporation - Microsoft Edge.) - (121.0.2277.98) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 1736 | [Owner : twist |Parent : 540] - (.Microsoft Corporation - CHXSmartScreen.exe.) - (10.0.22621.1) = C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe 12472 | [Owner : twist |Parent : 540] - (.Microsoft Corporation - Runtime Broker.) - (10.0.22621.317) = C:\Windows\System32\RuntimeBroker.exe 12444 | [Owner : LogonSessionId_0_30061596 |Parent : 928] - (.Microsoft Corporation - Windows Modules Installer.) - (10.0.22621.1) = C:\Windows\servicing\TrustedInstaller.exe 6704 | [Owner : SYSTEM |Parent : 540] - (.Microsoft Corporation - Windows Modules Installer Worker.) 
- (10.0.22621.378) = C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22621.378_none_6b5c1260907d1384\TiWorker.exe ¤¤¤¤¤¤¤¤¤¤ # Winlogon user ¤¤¤¤¤¤¤¤¤¤ # Winlogon machine Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : -> C:\WINDOWS\SYSWOW64\userinit.exe, ¤¤¤¤¤¤¤¤¤¤ # SafeBoot Safeboot Keys are O.K Alternate shell is OK ! ¤¤¤¤¤¤¤¤¤¤ | Winsock ¤¤¤¤¤¤¤¤¤¤ # IFEO ¤¤¤¤¤¤¤¤¤¤ # Mountpoints2 Content of U:\autorun.inf : [Autorun] Label=Xubuntu à dépanner ¤¤¤¤¤¤¤¤¤¤ # Windows [HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon [HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon ¤¤¤¤¤¤¤¤¤¤ # Security center Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\WINDOWS\System32\ActionCenter.dll