¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V9_18.10.19.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤

- Start 13:44:26 10/29/2019
Updated 18/10/2019 | 07:30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html

[jean- (Administrator)] - [DESKTOP-37KC94K]
SID = S-1-5-21-4265624635-2019933758-61733912-1001
Boot: SafeMode with network
System : Windows 10 Home (64 bits) Core
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius
Memory RAM = Total (MB) : 3748 | Free (MB) : 1710
Pagefile = Total (MB) : 7620 | Free (MB) : 6034
Virtual = Total (MB) : 4194 | Free (MB) : 3967

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

¤¤¤¤¤¤¤¤¤¤ # Drives
C:\-> [Fixed] | [OS] | Total : 488.66 Go | Free : 128.12 Go -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\WINDOWS\system32\config\systemprofile
C:\WINDOWS\ServiceProfiles\LocalService
C:\WINDOWS\ServiceProfiles\NetworkService
C:\Users\jean-
C:\Users\MSSQL$ADK

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [29.10.2019 @ 13_35_13])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.18995.1 (© Microsoft Corporation.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer
ActiveX : 32.0.0.255
Plugin : 32.0.0.270

¤¤¤¤¤¤¤¤¤¤ # Security
AV : Windows Defender Disabled
AS : Windows Defender Enabled
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = stopped
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
1940 | [Owner : jean- |Parent : 1700] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.18995.1) = C:\Windows\System32\sihost.exe
4324 | [Owner : jean- |Parent : 664] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.18995.1) = C:\Windows\System32\svchost.exe
7140 | [Owner : jean- |Parent : 836] - (.Microsoft Corporation - Search application.) - (10.0.18995.1) = C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
5032 | [Owner : jean- |Parent : 836] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18995.1) = C:\Windows\System32\RuntimeBroker.exe
396 | [Owner : jean- |Parent : 836] - (.Microsoft Corporation - Aide et support Microsoft.) - (10.0.18995.1) = C:\Windows\HelpPane.exe
1800 | [Owner : jean- |Parent : 2108] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.18995.1) = C:\Windows\System32\ctfmon.exe
7164 | [Owner : jean- |Parent : 836] - (.Microsoft Corporation - .) - (1907.3125.0.11250) = C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
1920 | [Owner : jean- |Parent : 836] - (.Microsoft Corporation - Microsoft Edge.) - (11.0.18995.1) = C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
6212 | [Owner : jean- |Parent : 836] - (.Microsoft Corporation - Application Frame Host.) - (10.0.18995.1) = C:\Windows\System32\ApplicationFrameHost.exe
4780 | [Owner : jean- |Parent : 836] - (.Microsoft Corporation - Browser_Broker.) - (11.0.18995.1) = C:\Windows\System32\browser_broker.exe
6988 | [Owner : jean- |Parent : 836] - (.Microsoft Corporation - Runtime Broker.) - (10.0.18995.1) = C:\Windows\System32\RuntimeBroker.exe
2152 | [Owner : jean- |Parent : 6988] - (.Microsoft Corporation - Microsoft Edge Web Platform.) - (11.0.18995.1) = C:\Windows\System32\MicrosoftEdgeSH.exe
5148 | [Owner : jean- |Parent : 836] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.18995.1) = C:\Windows\System32\MicrosoftEdgeCP.exe
2992 | [Owner : jean- |Parent : 836] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.18995.1) = C:\Windows\System32\MicrosoftEdgeCP.exe
6752 | [Owner : jean- |Parent : 836] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.18995.1) = C:\Windows\System32\MicrosoftEdgeCP.exe
1520 | [Owner : jean- |Parent : 836] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.18995.1) = C:\Windows\System32\MicrosoftEdgeCP.exe
2368 | [Owner : jean- |Parent : 2412] - (.Mozilla Corporation - Firefox.) - (70.0.0.7228) = C:\Program Files\Mozilla Firefox\firefox.exe
6304 | [Owner : jean- |Parent : 2368] - (.Mozilla Corporation - Firefox.) - (70.0.0.7228) = C:\Program Files\Mozilla Firefox\firefox.exe
6148 | [Owner : jean- |Parent : 2368] - (.Mozilla Corporation - Firefox.) - (70.0.0.7228) = C:\Program Files\Mozilla Firefox\firefox.exe
868 | [Owner : jean- |Parent : 2368] - (.Mozilla Corporation - Firefox.) - (70.0.0.7228) = C:\Program Files\Mozilla Firefox\firefox.exe
440 | [Owner : jean- |Parent : 2368] - (.Mozilla Corporation - Firefox.) - (70.0.0.7228) = C:\Program Files\Mozilla Firefox\firefox.exe
2360 | [Owner : jean- |Parent : 2368] - (.Mozilla Corporation - Firefox.) - (70.0.0.7228) = C:\Program Files\Mozilla Firefox\firefox.exe
5236 | [Owner : jean- |Parent : 2368] - (.Mozilla Corporation - Firefox.) - (70.0.0.7228) = C:\Program Files\Mozilla Firefox\firefox.exe
4864 | [Owner : jean- |Parent : 2368] - (.Mozilla Corporation - Firefox.) - (70.0.0.7228) = C:\Program Files\Mozilla Firefox\firefox.exe
5252 | [Owner : jean- |Parent : 2368] - (.Mozilla Corporation - Firefox.) - (70.0.0.7228) = C:\Program Files\Mozilla Firefox\firefox.exe
5920 | [Owner : jean- |Parent : 2368] - (.Mozilla Corporation - Firefox.) - (70.0.0.7228) = C:\Program Files\Mozilla Firefox\firefox.exe
3004 | [Owner : jean- |Parent : 2368] - (.Mozilla Corporation - Firefox.) - (70.0.0.7228) = C:\Program Files\Mozilla Firefox\firefox.exe
6296 | [Owner : jean- |Parent : 836] - (.Microsoft Corporation - Microsoft Edge Content Process.) - (11.0.18995.1) = C:\Windows\System32\MicrosoftEdgeCP.exe
5976 | [Owner : jean- |Parent : 4232] - (.Microsoft Corporation - Internet Explorer.) - (11.0.18995.1) = C:\Program Files\Internet Explorer\iexplore.exe
2628 | [Owner : jean- |Parent : 5976] - (.Microsoft Corporation - Internet Explorer.) - (11.0.18995.1) = C:\Program Files (x86)\Internet Explorer\iexplore.exe
6088 | [Owner : jean- |Parent : 836] - (.Tonec Inc. - Internet Download Manager (IDM).) - (6.35.8.2) = C:\Program Files (x86)\Internet Download Manager\IDMan.exe
4636 | [Owner : jean- |Parent : 4716] - (.Systweak - Duplicate Photos Fixer Pro.) - (1.1.1086.6699) = C:\Program Files (x86)\Duplicate Photos Fixer Pro\DuplicatePhotosFixerPro.exe
692 | [Owner : jean- |Parent : 6672] - (.Systweak Software - DiskAnalyzerPro.) - (1.0.1200.1170) = C:\Program Files (x86)\Disk Analyzer Pro\DiskAnalyzerPro.exe
7092 | [Owner : jean- |Parent : 1788] - (.Microsoft Corporation - Exécutable de l’aide HTML Microsoft®.) - (10.0.18995.1) = C:\Windows\hh.exe
4532 | [Owner : jean- |Parent : 836] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.18995.1) = C:\Windows\explorer.exe
4212 | [Owner : jean- |Parent : 4232] - (.Microsoft Corporation - Outil Capture d’écran.) - (10.0.18995.1) = C:\Windows\System32\SnippingTool.exe
4004 | [Owner : jean- |Parent : 2368] - (. - .) - (0.0.0.0) = C:\Users\jean-\Downloads\install_73126.exe
3700 | [Owner : jean- |Parent : 4004] - (.Nordnet - Controle parental installer.) - (7.3.1.26) = C:\Users\jean-\AppData\Local\Temp\CPW_installer\meta_installer91444\CPInstallerv7.exe
1508 | [Owner : jean- |Parent : 4232] - (.Microsoft Corporation - Gestionnaire des tâches.) - (10.0.18995.1) = C:\Windows\System32\Taskmgr.exe
6204 | [Owner : jean- |Parent : 6232] - (.Innovative Solutions - Orange Defender Antivirus.) - (3.37.0.205) = C:\Program Files (x86)\Innovative Solutions\Orange Defender Antivirus\orangedefender.exe
5768 | [Owner : jean- |Parent : 4200] - (.Microsoft Corporation - Internet Explorer.) - (11.0.18995.1) = C:\Program Files\Internet Explorer\iexplore.exe
7064 | [Owner : jean- |Parent : 4200] - (.Innovative Solutions GRUP SRL - Advanced Uninstaller PRO.) - (12.25.0.103) = C:\Program Files (x86)\Innovative Solutions\Advanced Uninstaller PRO\uninstaller.exe
5328 | [Owner : jean- |Parent : 5768] - (.Microsoft Corporation - Internet Explorer.) - (11.0.18995.1) = C:\Program Files (x86)\Internet Explorer\iexplore.exe
6816 | [Owner : jean- |Parent : 5548] - (.Microsoft Corporation - Notepad Launcher.) - (10.0.18995.1) = C:\Windows\notepad.exe
6568 | [Owner : jean- |Parent : 2040] - (.Orange - Orange Inside.) - (3.2.0.1) = C:\Users\jean-\AppData\Roaming\Orange\OrangeInside\OrangeInside.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : C:\WINDOWS\system32\userinit.exe, -> C:\WINDOWS\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ | Winsock

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center
Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\WINDOWS\System32\ActionCenter.dll

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Deleted : HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\nwjs
Deleted : HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\rejetto
Deleted : HKU\S-1-5-21-4265624635-2019933758-61733912-1001\Software\KsL Software
Moved to quarantine successfully : C:\WINDOWS\Tasks\AupAvUpdate.job
Will be moved in quarantine at reboot : C:\Users\jean-\Documents\data
Moved to quarantine successfully : C:\bootTel.dat
Will be moved in quarantine at reboot : C:\DumpStack.log.tmp
Will be moved in quarantine at reboot : C:\DumpStack.log.tmp
Moved to quarantine successfully : C:\g3n.ico
Moved to quarantine successfully : C:\Monster.ico
Moved to quarantine successfully : C:\Users\jean-\AppData\Roaming\IsMyLcdOK
Moved to quarantine successfully : C:\Users\jean-\AppData\Roaming\PointerStick

¤¤¤¤¤¤¤¤¤¤ # ADS

¤¤¤¤¤¤¤¤¤¤ # Prefetch cleaned

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive C:] : Hidden : 12 | Restored : 11
~ [Program Files] : Hidden : 1166 | Restored : 1166
~ [Users] : Hidden : 2 | Restored : 2
~ [Pictures] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 11 | Restored : 11
~ [Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 65 | Restored : 64
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 140 | Restored : 140

End : 14:12:37
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤