¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V7_16.10.17.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 14:43:03 09/12/2022

Updated 16/10/2017 | 14.45 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[Compaq (Administrator)] - [DESKTOP-650T4C4]
SID = S-1-5-21-3945783615-3853108761-1058730989-1001
Boot: Normal boot
System : Windows 10 Home (64 bits) Core
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius

Memory
RAM = Total (MB) : 3748 | Free (MB) : 1856
Pagefile = Total (MB) : 7812 | Free (MB) : 5862
Virtual = Total (MB) : 4194 | Free (MB) : 3962

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

¤¤¤¤¤¤¤¤¤¤¤ # Drives
I:\-> [Fixed] | [WD Elements] | Total : 929.42 Go | Free : 1.57 Go -> NTFS [USB]
H:\-> [Removable] | [COMODO RESC] | Total : 7.48 Go | Free : 3.34 Go -> FAT32 [USB]
G:\-> [Fixed] | [windows2go workspace] | Total : 57.6 Go | Free : 0 Go -> NTFS (SSD) [USB]
F:\-> [CDROM] | [EPSON] | Total : 0.4 Go | Free : 0 Go -> CDFS [SATA]
C:\-> [Fixed] | [] | Total : 930.89 Go | Free : 845.71 Go -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates
Windows Is Activated

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\Compaq

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [12.09.2022 @ 14_38_49])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.19041.1566 (© Microsoft Corporation. Tous droits réservés.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

¤¤¤¤¤¤¤¤¤¤ # Security
AS : FW : WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
1300 | [Owner : |Parent : 784] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe
2236 | [Owner : |Parent : 784] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.48) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
2264 | [Owner : |Parent : 2236] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.159) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
2472 | [Owner : |Parent : 784] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.19041.1826) = C:\Windows\System32\spoolsv.exe
2780 | [Owner : Système |Parent : 784] - (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2932 | [Owner : Système |Parent : 784] - (.Seiko Epson Corporation - Epson Scanner Service (64bit).) - (1.1.0.1) = C:\Windows\System32\escsvc64.exe
2416 | [Owner : |Parent : 784] - (.Microsoft Corporation - Service Broker du moniteur d'exécution System Guard.) - (10.0.19041.546) = C:\Windows\System32\SgrmBroker.exe
4572 | [Owner : Système |Parent : 1300] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe
2984 | [Owner : Compaq |Parent : 1772] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.19041.746) = C:\Windows\System32\sihost.exe
4604 | [Owner : Compaq |Parent : 784] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe
4852 | [Owner : Compaq |Parent : 784] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe
2500 | [Owner : Compaq |Parent : 1876] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.19041.1865) = C:\Windows\System32\taskhostw.exe
4424 | [Owner : Compaq |Parent : 2052] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.19041.1) = C:\Windows\System32\ctfmon.exe
3052 | [Owner : Compaq |Parent : 4172] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.19041.1889) = C:\Windows\explorer.exe
6024 | [Owner : Compaq |Parent : 784] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe
4532 | [Owner : Aucun |Parent : 1876] - (.iTop Inc. - iTop Screen Recorder.) - (3.1.0.1102) = C:\Program Files\iTop Screen Recorder\iScrRec.exe
4980 | [Owner : Compaq |Parent : 908] - (. - .) - (0.0.0.0) = C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
2316 | [Owner : Compaq |Parent : 908] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe
6072 | [Owner : Compaq |Parent : 908] - (.Microsoft Corporation - .) - (121.9202.4105.0) = C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
4128 | [Owner : Compaq |Parent : 908] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe
6720 | [Owner : Compaq |Parent : 3052] - (.Microsoft Corporation - Windows Security notification icon.) - (10.0.19041.1) = C:\Windows\System32\SecurityHealthSystray.exe
1144 | [Owner : Compaq |Parent : 3052] - (.Microsoft Corporation - Microsoft OneDrive.) - (22.166.807.2) = C:\Users\Compaq\AppData\Local\Microsoft\OneDrive\OneDrive.exe
4196 | [Owner : |Parent : 784] - (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthService.exe
6308 | [Owner : Compaq |Parent : 784] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe
6004 | [Owner : Compaq |Parent : 2508] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
2716 | [Owner : Compaq |Parent : 3644] - (.SEIKO EPSON CORPORATION - Fax Reception.) - (3.2.5.1) = C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
7444 | [Owner : Compaq |Parent : 6004] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Host application.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
7652 | [Owner : Compaq |Parent : 908] - (.Microsoft Corporation - Search application.) - (10.0.19041.1889) = C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1476 | [Owner : Compaq |Parent : 908] - (.Microsoft Corporation - User OOBE Broker.) - (10.0.19041.746) = C:\Windows\System32\oobe\UserOOBEBroker.exe
2524 | [Owner : Compaq |Parent : 908] - (.Microsoft Corporation - Application Frame Host.) - (10.0.19041.746) = C:\Windows\System32\ApplicationFrameHost.exe
4672 | [Owner : Compaq |Parent : 908] - (. - .) - (10.22041.1009.0) = C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.22041.10091.0_x64__8wekyb3d8bbwe\Video.UI.exe
7164 | [Owner : Compaq |Parent : 908] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe
1984 | [Owner : Compaq |Parent : 908] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe
5852 | [Owner : Système |Parent : 908] - (.Microsoft Corporation - MoUSO Core Worker Process.) - (10.0.19041.1865) = C:\Windows\System32\MoUsoCoreWorker.exe
4668 | [Owner : Compaq |Parent : 908] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe
3292 | [Owner : Compaq |Parent : 2984] - (.Microsoft Corporation - PhoneExperienceHost.) - (1.22062.543.0) = C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22062.543.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
8056 | [Owner : Compaq |Parent : 908] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe
8908 | [Owner : Compaq |Parent : 908] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe
5900 | [Owner : Compaq |Parent : 784] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe
2340 | [Owner : Compaq |Parent : 908] - (. - .) - (2022.30070.26007.0) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2022.30070.26007.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
6364 | [Owner : Compaq |Parent : 908] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe
5732 | [Owner : |Parent : 784] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.2207.7) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MsMpEng.exe
1440 | [Owner : SERVICE LOCAL |Parent : 784] - (.Microsoft Corporation - Windows Driver Foundation - Processus hôte de l’infrastructure de pilotes en mode utilisateur.) - (10.0.19041.1865) = C:\Windows\System32\WUDFHost.exe
8732 | [Owner : Compaq |Parent : 11864] - (.Mozilla Corporation - Firefox.) - (104.0.2.8280) = C:\Program Files\Mozilla Firefox\firefox.exe
6992 | [Owner : Compaq |Parent : 8732] - (.Mozilla Corporation - Firefox.) - (104.0.2.8280) = C:\Program Files\Mozilla Firefox\firefox.exe
11988 | [Owner : Compaq |Parent : 8732] - (.Mozilla Corporation - Firefox.) - (104.0.2.8280) = C:\Program Files\Mozilla Firefox\firefox.exe
12044 | [Owner : Compaq |Parent : 8732] - (.Mozilla Corporation - Firefox.) - (104.0.2.8280) = C:\Program Files\Mozilla Firefox\firefox.exe
9824 | [Owner : Compaq |Parent : 8732] - (.Mozilla Corporation - Firefox.) - (104.0.2.8280) = C:\Program Files\Mozilla Firefox\firefox.exe
9512 | [Owner : Compaq |Parent : 8732] - (.Mozilla Corporation - Firefox.) - (104.0.2.8280) = C:\Program Files\Mozilla Firefox\firefox.exe
11864 | [Owner : LogonSessionId_0_33794690 |Parent : 784] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.19041.1865) = C:\Windows\System32\SearchIndexer.exe
4104 | [Owner : Système |Parent : 784] - (.Adobe Inc. - Adobe Acrobat Update Service.) - (1.824.460.1013) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
6156 | [Owner : Compaq |Parent : 8732] - (.Mozilla Corporation - Firefox.) - (104.0.2.8280) = C:\Program Files\Mozilla Firefox\firefox.exe
9496 | [Owner : Compaq |Parent : 5584] - (.Microsoft Corporation - Microsoft Edge.) - (105.0.1343.33) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
7080 | [Owner : Compaq |Parent : 9496] - (.Microsoft Corporation - Microsoft Edge.) - (105.0.1343.33) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
12160 | [Owner : Compaq |Parent : 9496] - (.Microsoft Corporation - Microsoft Edge.) - (105.0.1343.33) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
9188 | [Owner : Compaq |Parent : 9496] - (.Microsoft Corporation - Microsoft Edge.) - (105.0.1343.33) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
3392 | [Owner : Compaq |Parent : 9496] - (.Microsoft Corporation - Microsoft Edge.) - (105.0.1343.33) = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
6168 | [Owner : Compaq |Parent : 8732] - (.Mozilla Corporation - Firefox.) - (104.0.2.8280) = C:\Program Files\Mozilla Firefox\firefox.exe
8380 | [Owner : Compaq |Parent : 8732] - (.Mozilla Corporation - Firefox.) - (104.0.2.8280) = C:\Program Files\Mozilla Firefox\firefox.exe
5264 | [Owner : Aucun |Parent : 1876] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.19041.1865) = C:\Windows\System32\taskhostw.exe
32 | [Owner : Compaq |Parent : 8732] - (.Mozilla Corporation - Firefox.) - (104.0.2.8280) = C:\Program Files\Mozilla Firefox\firefox.exe
9032 | [Owner : Compaq |Parent : 8732] - (.Mozilla Corporation - Firefox.) - (104.0.2.8280) = C:\Program Files\Mozilla Firefox\firefox.exe
9596 | [Owner : Aucun |Parent : 3052] - (.bartblaze - Tool to delete VBS autorun worms & unhide files.) - (8.0.0.0) = G:\Users\EFM LFS Hyper UEFM\Desktop\Rem-VBSworm\Rem-VBSworm.exe
8524 | [Owner : Aucun |Parent : 9596] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.19041.1566) = C:\Windows\System32\conhost.exe
2148 | [Owner : Aucun |Parent : 9596] - (.Microsoft Corporation - Interpréteur de commandes Windows.) - (10.0.19041.746) = C:\Windows\SysWOW64\cmd.exe
5992 | [Owner : Aucun |Parent : 2148] - (.Microsoft Corporation - Utilitaire Attribute.) - (10.0.19041.1) = C:\Windows\SysWOW64\attrib.exe
10780 | [Owner : Compaq |Parent : 908] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.19041.1682) = C:\Windows\System32\smartscreen.exe
9940 | [Owner : Aucun |Parent : 3052] - (.bartblaze - Tool to delete VBS autorun worms & unhide files.) - (8.0.0.0) = G:\Users\EFM LFS Hyper UEFM\Desktop\Rem-VBSworm\Rem-VBSworm.exe
9580 | [Owner : Aucun |Parent : 9940] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.19041.1566) = C:\Windows\System32\conhost.exe
5724 | [Owner : Aucun |Parent : 9940] - (.Microsoft Corporation - Interpréteur de commandes Windows.) - (10.0.19041.746) = C:\Windows\SysWOW64\cmd.exe
8608 | [Owner : Aucun |Parent : 5724] - (.Microsoft Corporation - Utilitaire Attribute.) - (10.0.19041.1) = C:\Windows\SysWOW64\attrib.exe
7600 | [Owner : Aucun |Parent : 3052] - (.Streuner Corporation - Desinfecta tu USB y PC del odioso virus del acceso directo..) - (17.2.0.0) = G:\Users\EFM LFS Hyper UEFM\Desktop\usb-file-resc_17.2.0.0.exe
6320 | [Owner : Aucun |Parent : 7600] - (.Microsoft Corporation - Hôte de la fenêtre de la console.) - (10.0.19041.1566) = C:\Windows\System32\conhost.exe
2548 | [Owner : Aucun |Parent : 7600] - (.Microsoft Corporation - Interpréteur de commandes Windows.) - (10.0.19041.746) = C:\Windows\SysWOW64\cmd.exe
10488 | [Owner : Aucun |Parent : 2548] - (.Microsoft Corporation - Utilitaire Attribute.) - (10.0.19041.1) = C:\Windows\SysWOW64\attrib.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : -> C:\Windows\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2
Content of H:\autorun.inf :
; Created by Rufus 3.17.1846
; https://rufus.ie
[autorun]
icon = autorun.ico
label = COMODO Rescue Disk

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM64\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center
Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\Windows\System32\ActionCenter.dll

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Moved to quarantine successfully : I:\JRT.exe
Moved to quarantine successfully : G:\cispro_installer.exe
Moved to quarantine successfully : G:\css_installer.exe
Moved to quarantine successfully : G:\delfix_1.013.exe
Moved to quarantine successfully : G:\iphonebackupextractor-latest(1).exe
Moved to quarantine successfully : G:\iphonebackupextractor-latest.exe
Moved to quarantine successfully : G:\TrialDownload-21-4-46.exe
Moved to quarantine successfully : I:\Donner votre avis sur Slowin' Killer.lnk
Moved to quarantine successfully : I:\Slowin' Killer - Analyser (1).lnk
Moved to quarantine successfully : I:\Utilisateurs - Raccourci.lnk
Will be moved in quarantine at reboot : C:\DumpStack.log.tmp
Will be moved in quarantine at reboot : I:\msdownld.tmp
Will be moved in quarantine at reboot : I:\MSI1dd1d.tmp
Will be moved in quarantine at reboot : C:\DumpStack.log.tmp
Moved to quarantine successfully : H:\autorun.ico

¤¤¤¤¤¤¤¤¤¤ # ADS
Prefetch -> cleaned
H:\ : Vaccinated (Vaccin created by Usbfix)

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive Z:] : Hidden : 5 | Restored : 5
~ [Drive C:] : Hidden : 4 | Restored : 3
~ [Program Files] : Hidden : 3 | Restored : 3
~ [Users] : Hidden : 1 | Restored : 1
~ [Documents] : Hidden : 3 | Restored : 3