¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | V9_18.10.19.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 09:32:22 03/02/2023
Updated 18/10/2019 | 07:30 (GMT) by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html
[UEFM LFS Hyper UEFM (Administrator)] - [DESKTOP-DO2EQCB]
SID = S-1-5-21-158993690-1269080673-3091534466-1000
Boot: Normal boot
System : Windows 10 Home (64 bits) Core
ProcessorNameString : AMD E1-1200 APU with Radeon(tm) HD Graphics
Identifier : AMD64 Family 20 Model 2 Stepping 0
CoreTemp : -1 Celsius - Max : Celsius
Memory RAM = Total (MB) : 3748 | Free (MB) : 980
Pagefile = Total (MB) : 5889 | Free (MB) : 2441
Virtual = Total (MB) : 4194 | Free (MB) : 3978

¤¤¤¤¤¤¤¤¤¤ # Components of starting up

¤¤¤¤¤¤¤¤¤¤¤ # Drives
R:\-> [CDROM] | [PANA-UDF] | Total : 4.27 Go | Free : 0 Go -> UDF [SATA]
N:\-> [Fixed] | [] | Total : 0.5 Go | Free : 0.5 Go -> FAT32 [SATA]
M:\-> [Fixed] | [] | Total : 0 Go | Free : 0 Go -> FAT [SATA]
K:\-> [Fixed] | [s windows cybelink wintob loaris] | Total : 130.1 Go | Free : 103.26 Go -> NTFS [SATA]
J:\-> [Fixed] | [itsa apps os by oblox & bitser] | Total : 49.56 Go | Free : 39.86 Go -> NTFS [SATA]
G:\-> [Fixed] | [2 os - vexe sifatal uef] | Total : 39.62 Go | Free : 39.52 Go -> NTFS [SATA]
F:\-> [Fixed] | [Boot] | Total : 0 Go | Free : 0 Go -> NTFS [SATA]
E:\-> [Fixed] | [EFISECTOR] | Total : 0 Go | Free : 0 Go -> FAT [SATA]
D:\-> [Fixed] | [os vexe sifatal aub3] | Total : 64.23 Go | Free : 57.34 Go -> NTFS [SATA]
C:\-> [Fixed] | [] | Total : 151.02 Go | Free : 61.06 Go -> NTFS [SATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates
Windows Is Activated

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\WINDOWS\system32\config\systemprofile
C:\WINDOWS\ServiceProfiles\LocalService
C:\WINDOWS\ServiceProfiles\NetworkService
C:\Users\UEFM LFS Hyper UEFM
Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [02.03.2023 @ 09_25_53])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 11.0.19041.1566 (© Microsoft Corporation.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

¤¤¤¤¤¤¤¤¤¤ # Security
AS : Windows Defender Enabled
FW :
WMI : OK
WU: Windows Update Service [Manual(3)] = Running
AS: Windows Defender [Auto(2)] = Running
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
1656 | [Owner : |Parent : 880] - (.AMD - AMD External Events Service Module.) - (6.14.11.1199) = C:\Windows\System32\atiesrxx.exe
2540 | [Owner : |Parent : 880] - (.Realtek Semiconductor - Realtek Audio Service.) - (1.0.0.48) = C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
2572 | [Owner : |Parent : 2540] - (.Realtek Semiconductor - HD Audio Background Process.) - (1.0.0.159) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
2800 | [Owner : |Parent : 880] - (.Microsoft Corporation - Application sous-système spouleur.) - (10.0.19041.2546) = C:\Windows\System32\spoolsv.exe
2984 | [Owner : Système |Parent : 880] - (.Advanced Micro Devices, Inc. - Service Fusion Utility.) - (1.0.0.0) = C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
2272 | [Owner : Système |Parent : 880] - (. - .) - (1.0.0.0) = C:\Program Files (x86)\UCBrowser\Application\UCService.exe
2092 | [Owner : |Parent : 880] - (.Microsoft Corporation - Antimalware Service Executable.) - (4.18.2301.6) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MsMpEng.exe
3708 | [Owner : Système |Parent : 1656] - (.AMD - AMD External Events Client Module.) - (6.14.11.1199) = C:\Windows\System32\atieclxx.exe
1276 | [Owner : UEFM LFS Hyper UEFM |Parent : 1476] - (.Microsoft Corporation - Shell Infrastructure Host.) - (10.0.19041.746) = C:\Windows\System32\sihost.exe
3468 | [Owner : UEFM LFS Hyper UEFM |Parent : 880] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe
2160 | [Owner : UEFM LFS Hyper UEFM |Parent : 880] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe
3996 | [Owner : UEFM LFS Hyper UEFM |Parent : 1308] - (.Microsoft Corporation - Processus hôte pour Tâches Windows.) - (10.0.19041.1865) = C:\Windows\System32\taskhostw.exe
4164 | [Owner : UEFM LFS Hyper UEFM |Parent : 3904] - (.Microsoft Corporation - Chargeur CTF.) - (10.0.19041.1) = C:\Windows\System32\ctfmon.exe
4436 | [Owner : UEFM LFS Hyper UEFM |Parent : 4352] - (.Microsoft Corporation - Explorateur Windows.) - (10.0.19041.2604) = C:\Windows\explorer.exe
4672 | [Owner : LogonSessionId_0_612523 |Parent : 880] - (.Microsoft Corporation - Indexeur Microsoft Windows Search.) - (7.0.19041.2546) = C:\Windows\System32\SearchIndexer.exe
5036 | [Owner : UEFM LFS Hyper UEFM |Parent : 880] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe
2128 | [Owner : UEFM LFS Hyper UEFM |Parent : 988] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe
5328 | [Owner : UEFM LFS Hyper UEFM |Parent : 988] - (. - .) - (0.0.0.0) = C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
5720 | [Owner : UEFM LFS Hyper UEFM |Parent : 988] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe
6028 | [Owner : UEFM LFS Hyper UEFM |Parent : 988] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe
6884 | [Owner : UEFM LFS Hyper UEFM |Parent : 4436] - (.Microsoft Corporation - Windows Security notification icon.) - (10.0.19041.1) = C:\Windows\System32\SecurityHealthSystray.exe
6936 | [Owner : |Parent : 880] - (.Microsoft Corporation - Windows Security Health Service.) - (4.18.1907.16384) = C:\Windows\System32\SecurityHealthService.exe
696 | [Owner : UEFM LFS Hyper UEFM |Parent : 4436] - (.PortableApps.com - PortableApps.com Platform.) - (24.1.0.0) = C:\Users\UEFM LFS Hyper UEFM\PortableApps\PortableApps.com\PortableAppsPlatform.exe
6180 | [Owner : UEFM LFS Hyper UEFM |Parent : 7152] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Monitoring program.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
5156 | [Owner : UEFM LFS Hyper UEFM |Parent : 6180] - (.Advanced Micro Devices Inc. - Catalyst Control Center: Host application.) - (4.5.0.0) = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
6160 | [Owner : UEFM LFS Hyper UEFM |Parent : 880] - (.Microsoft Corporation - Processus hôte pour les services Windows.) - (10.0.19041.1806) = C:\Windows\System32\svchost.exe
6528 | [Owner : |Parent : 880] - (.Microsoft Corporation - Service Broker du moniteur d´exécution System Guard.) - (10.0.19041.546) = C:\Windows\System32\SgrmBroker.exe
7360 | [Owner : Système |Parent : 2272] - (. - .) - (0.0.0.0) = C:\Program Files (x86)\UCBrowser\Application\6.0.1308.1016\UCAgent.exe
6104 | [Owner : UEFM LFS Hyper UEFM |Parent : 8136] - (.Microsoft Corporation - Microsoft OneDrive.) - (23.33.212.1) = C:\Users\UEFM LFS Hyper UEFM\AppData\Local\Microsoft\OneDrive\OneDrive.exe
4900 | [Owner : UEFM LFS Hyper UEFM |Parent : 988] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe
3232 | [Owner : UEFM LFS Hyper UEFM |Parent : 988] - (. - .) - (2022.30120.12007.0) = C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2022.30120.12007.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
5244 | [Owner : UEFM LFS Hyper UEFM |Parent : 988] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe
6860 | [Owner : UEFM LFS Hyper UEFM |Parent : 988] - (.Microsoft Corporation - .) - (121.9202.4105.0) = C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
6212 | [Owner : UEFM LFS Hyper UEFM |Parent : 1288] - (.Mozilla Corporation - Firefox Nightly.) - (112.0.0.8458) = C:\Program Files\Firefox Nightly\firefox.exe
1056 | [Owner : UEFM LFS Hyper UEFM |Parent : 6212] - (.Mozilla Corporation - Firefox Nightly.) - (112.0.0.8458) = C:\Program Files\Firefox Nightly\firefox.exe
2936 | [Owner : UEFM LFS Hyper UEFM |Parent : 6212] - (.Mozilla Corporation - Firefox Nightly.) - (112.0.0.8458) = C:\Program Files\Firefox Nightly\firefox.exe
8100 | [Owner : |Parent : 2092] - (.Microsoft Corporation - Microsoft Malware Protection Copy Accelerator Utility.) - (4.18.2301.6) = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2301.6-0\MpCopyAccelerator.exe
2944 | [Owner : UEFM LFS Hyper UEFM |Parent : 696] - (.PortableApps.com - balenaEtcher Portable (PortableApps.com Launcher).) - (2.2.2.1) = C:\Users\UEFM LFS Hyper UEFM\PortableApps\balenaEtcherPortable\balenaEtcherPortable.exe
1316 | [Owner : UEFM LFS Hyper UEFM |Parent : 2944] - (.Balena Inc. - balenaEtcher.) - (1.13.1.0) = C:\Users\UEFM LFS Hyper UEFM\PortableApps\balenaEtcherPortable\App\balenaEtcher64\balenaEtcher.exe
4008 | [Owner : UEFM LFS Hyper UEFM |Parent : 1316] - (.Balena Inc. - balenaEtcher.) - (1.13.1.0) = C:\Users\UEFM LFS Hyper UEFM\PortableApps\balenaEtcherPortable\App\balenaEtcher64\balenaEtcher.exe
7936 | [Owner : UEFM LFS Hyper UEFM |Parent : 1316] - (.Balena Inc. - balenaEtcher.) - (1.13.1.0) = C:\Users\UEFM LFS Hyper UEFM\PortableApps\balenaEtcherPortable\App\balenaEtcher64\balenaEtcher.exe
7680 | [Owner : UEFM LFS Hyper UEFM |Parent : 1316] - (.Balena Inc. - balenaEtcher.) - (1.13.1.0) = C:\Users\UEFM LFS Hyper UEFM\PortableApps\balenaEtcherPortable\App\balenaEtcher64\balenaEtcher.exe
8984 | [Owner : UEFM LFS Hyper UEFM |Parent : 988] - (.Microsoft Corporation - Runtime Broker.) - (10.0.19041.746) = C:\Windows\System32\RuntimeBroker.exe
1436 | [Owner : UEFM LFS Hyper UEFM |Parent : 1316] - (.Balena Inc. - balenaEtcher.) - (1.13.1.0) = C:\Users\UEFM LFS Hyper UEFM\PortableApps\balenaEtcherPortable\App\balenaEtcher64\balenaEtcher.exe
9120 | [Owner : UEFM LFS Hyper UEFM |Parent : 7680] - (.UCWeb Inc. - UC Browser.) - (6.0.1308.1016) = C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
6008 | [Owner : UEFM LFS Hyper UEFM |Parent : 9120] - (.UCWeb Inc. - UC Browser.) - (6.0.1308.1016) = C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
4292 | [Owner : UEFM LFS Hyper UEFM |Parent : 9120] - (.UCWeb Inc. - UC Browser.) - (6.0.1308.1016) = C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
8680 | [Owner : UEFM LFS Hyper UEFM |Parent : 9120] - (.UCWeb Inc. - UC Browser.) - (6.0.1308.1016) = C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
8708 | [Owner : UEFM LFS Hyper UEFM |Parent : 9120] - (.UCWeb Inc. - UC Browser.) - (6.0.1308.1016) = C:\Program Files (x86)\UCBrowser\Application\UCBrowser.exe
6284 | [Owner : UEFM LFS Hyper UEFM |Parent : 6212] - (.Balena Inc. - Flash OS images to SD cards and USB drives, safely and easily..) - (1.14.3.0) = C:\Users\UEFM LFS Hyper UEFM\Downloads\balenaEtcher-Portable-1.14.3.exe
2680 | [Owner : UEFM LFS Hyper UEFM |Parent : 6284] - (.Balena Inc. - balenaEtcher.) - (1.14.3.0) = C:\Users\UEFMLF~1\AppData\Local\Temp\2KXjcvPO27XXy4WJuFTGsUTmXgC\balenaEtcher.exe
8356 | [Owner : UEFM LFS Hyper UEFM |Parent : 2680] - (.Balena Inc. - balenaEtcher.) - (1.14.3.0) = C:\Users\UEFMLF~1\AppData\Local\Temp\2KXjcvPO27XXy4WJuFTGsUTmXgC\balenaEtcher.exe
8776 | [Owner : UEFM LFS Hyper UEFM |Parent : 2680] - (.Balena Inc. - balenaEtcher.) - (1.14.3.0) = C:\Users\UEFMLF~1\AppData\Local\Temp\2KXjcvPO27XXy4WJuFTGsUTmXgC\balenaEtcher.exe
1528 | [Owner : UEFM LFS Hyper UEFM |Parent : 2680] - (.Balena Inc. - balenaEtcher.) - (1.14.3.0) = C:\Users\UEFMLF~1\AppData\Local\Temp\2KXjcvPO27XXy4WJuFTGsUTmXgC\balenaEtcher.exe
7056 | [Owner : UEFM LFS Hyper UEFM |Parent : 2680] - (.Balena Inc. - balenaEtcher.) - (1.14.3.0) = C:\Users\UEFMLF~1\AppData\Local\Temp\2KXjcvPO27XXy4WJuFTGsUTmXgC\balenaEtcher.exe
6080 | [Owner : UEFM LFS Hyper UEFM |Parent : 6212] - (.Balena Inc. - Flash OS images to SD cards and USB drives, safely and easily..) - (1.14.3.0) = C:\Users\UEFM LFS Hyper UEFM\Downloads\balenaEtcher-Setup-1.14.3.exe
2320 | [Owner : UEFM LFS Hyper UEFM |Parent : 988] - (.Microsoft Corporation - Application Frame Host.) - (10.0.19041.746) = C:\Windows\System32\ApplicationFrameHost.exe
3584 | [Owner : UEFM LFS Hyper UEFM |Parent : 988] - (.Microsoft Corporation - Windows Defender SmartScreen.) - (10.0.19041.2364) = C:\Windows\System32\smartscreen.exe
9532 | [Owner : Système |Parent : 4672] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.19041.2546) = C:\Windows\System32\SearchProtocolHost.exe
9956 | [Owner : Système |Parent : 4672] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.19041.2546) = C:\Windows\System32\SearchFilterHost.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine
Repaired : [HKLM\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]~[userinit] : -> C:\WINDOWS\SYSWOW64\userinit.exe,

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !

¤¤¤¤¤¤¤¤¤¤ | Winsock

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\WOW6432Node\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center
Repaired : [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellServiceObjects\{F56F6FDD-AA9D-4618-A949-C1B91AF43B1A}]~[Autostart] : -> C:\WINDOWS\System32\ActionCenter.dll

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Compbatt]~[Start] : -> 0
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\PlugPlay]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Parvdm]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IKEEXT]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\IAStorDataMgrsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\lmhosts]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Bits]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wlansvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wuauserv]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\wudfsvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Moved to quarantine successfully : C:\WINDOWS\Tasks\UCBrowserUpdaterCore.job
Will be moved in quarantine at reboot : C:\DumpStack.log.tmp
Will be moved in quarantine at reboot : C:\DumpStack.log.tmp

¤¤¤¤¤¤¤¤¤¤ # ADS

¤¤¤¤¤¤¤¤¤¤ # Prefetch cleaned
D:\ : Vaccinated (Vaccin created by Pre_Scan)
E:\ : Vaccinated (Vaccin created by Pre_Scan)
F:\ : Vaccinated (Vaccin created by Pre_Scan)
G:\ : Vaccinated (Vaccin created by Pre_Scan)
J:\ : Vaccinated (Vaccin created by Pre_Scan)
K:\ : Vaccinated (Vaccin created by Pre_Scan)
M:\ : Vaccinated (Vaccin created by Pre_Scan)
N:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive C:] : Hidden : 2 | Restored : 1
~ [Program Files] : Hidden : 1 | Restored : 1
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 3 | Restored : 3
~ [Windows] : Hidden : 67 | Restored : 66
~ [Start Menu | Programs | Startup] : Hidden : 1 | Restored : 1
~ [AppData] : Hidden : 1 | Restored : 1

End : 10:15:01
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤