¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 6_14.03.2016.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 19:20:03
Updated 14/03/2016 | 05.45 by g3n-h@ckm@n
Contact : http://www.sosvirus.net/
Pre_scan Feedbacks : http://www.sosvirus.net/feedback-t74962.html
[Comp (Administrator)] - [COMP-PC]
SID = S-1-5-21-1707862676-2149366739-3682150470-1000
Boot: Normal boot
System : Windows 7 Ultimate (32 bits) Ultimate Service Pack 1
ProcessorNameString : Intel(R) Pentium(R) CPU P6200 @ 2.13GHz
Identifier : x86 Family 6 Model 37 Stepping 5
CoreTemp : 61 Celsius - Max : 90 Celsius
Memory RAM = Total (MB) : 1826 | Free (MB) : 1064
Pagefile = Total (MB) : 3651 | Free (MB) : 2581
Virtual = Total (MB) : 2097 | Free (MB) : 1950

¤¤¤¤¤¤¤¤¤¤ # Components of starting up
C:\Windows\Setup\Scripts\ACER.XRM-MS
C:\Windows\Setup\Scripts\ADVENT.XRM-MS
C:\Windows\Setup\Scripts\ALIENWARE .XRM-MS
C:\Windows\Setup\Scripts\ASUS.XRM-MS
C:\Windows\Setup\Scripts\bootinst.exe
C:\Windows\Setup\Scripts\COMPAQ.XRM-MS
C:\Windows\Setup\Scripts\DELL.XRM-MS
C:\Windows\Setup\Scripts\FOUNDER .XRM-MS
C:\Windows\Setup\Scripts\FUJITSU.XRM-MS
C:\Windows\Setup\Scripts\GIGABYTE.XRM-MS
C:\Windows\Setup\Scripts\grldr
C:\Windows\Setup\Scripts\HP.XRM-MS
C:\Windows\Setup\Scripts\HPPro.XRM-MS
C:\Windows\Setup\Scripts\Install.bat
C:\Windows\Setup\Scripts\LENOVO.XRM-MS
C:\Windows\Setup\Scripts\LG.XRM-MS
C:\Windows\Setup\Scripts\MSI.XRM-MS
C:\Windows\Setup\Scripts\NOKIA.XRM-MS
C:\Windows\Setup\Scripts\SAMSUNG.XRM-MS
C:\Windows\Setup\Scripts\SETUPCOMPLETE.cmd
C:\Windows\Setup\Scripts\Sony.XRM-MS
C:\Windows\Setup\Scripts\TOSASU-Toshiba.XRM-MS
C:\Windows\Setup\Scripts\TOSCPL-Toshiba.XRM-MS
C:\Windows\Setup\Scripts\TOSINV-Toshiba.XRM-MS
C:\Windows\Setup\Scripts\TOSQCI-Toshiba.XRM-MS

¤¤¤¤¤¤¤¤¤¤¤ # Drives
D:\-> [Fixed] | [] | Total : 224.85 Go | Free : 72.46 Go -> NTFS [ATA]
C:\-> [Fixed] | [] | Total : 73.14 Go | Free : 4.92 Go -> NTFS [ATA]

¤¤¤¤¤¤¤¤¤¤ # Windows updates
Next search : 2015-08-23 13:14:22
Microsoft : -

¤¤¤¤¤¤¤¤¤¤ # Sessions
C:\Windows\system32\config\systemprofile
C:\Windows\ServiceProfiles\LocalService
C:\Windows\ServiceProfiles\NetworkService
C:\Users\Comp

Registry saved , to restore : Shortcut on the desktop 'Pre_Scan_Restore' Restore the register (C:\Pre_Scan\Save\Registry [27.03.2016 @ 19_15_41])
To restore File or Folder : Shortcut on the desktop 'Pre_Scan_Restore' , select 'restore File - Folder' , select an Item and click on Restore

¤¤¤¤¤¤¤¤¤¤ # Browsers
IE : 8.0.7601.17514 (© Microsoft Corporation.)
FF : 37.0.2.5583 (©Firefox and Mozilla Developers; available under the MPL 2 license.)
GC : 49.0.2623.108 (Copyright 2015 Google Inc.)

¤¤¤¤¤¤¤¤¤¤ # FlashPlayer

¤¤¤¤¤¤¤¤¤¤ # Security
AV : Microsoft Security Essentials Enabled
AS : Microsoft Security Essentials Enabled
FW :
WMI : OK
WU: Windows Update Service [Auto(2)] = Running
AS: Windows Defender [Manual(3)] = stopped
FW: Windows FireWall Service [Auto(2)] = Running

¤¤¤¤¤¤¤¤¤¤ # Stopped processes
1524 | [Owner : SYSTEM |Parent : 516] - (.Microsoft Corporation - Spooler SubSystem App.) - (6.1.7601.17514) = C:\Windows\System32\spoolsv.exe
1532 | [Owner : Comp |Parent : 1448] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17514) = C:\Windows\explorer.exe
1628 | [Owner : Comp |Parent : 516] - (.Microsoft Corporation - Host Process for Windows Tasks.) - (6.1.7601.17514) = C:\Windows\System32\taskhost.exe
1776 | [Owner : SYSTEM |Parent : 516] - (. - .) - (1.0.0.0) = C:\Users\Comp\AppData\Roaming\Netpus\Netpus.exe
1812 | [Owner : Comp |Parent : 1776] - (. - .) - (0.0.0.0) = C:\Users\Comp\AppData\Roaming\Netpus\Gedro.exe
1896 | [Owner : NETWORK SERVICE |Parent : 516] - (.Microsoft Corporation - SQL Server Windows NT.) - (2007.100.2531.0) = C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
392 | [Owner : Comp |Parent : 1532] - (.Microsoft Corporation - Microsoft Security Client User Interface.) - (4.4.304.0) = C:\Program Files\Microsoft Security Client\msseces.exe
348 | [Owner : Comp |Parent : 1532] - (.Alcor Micro Corp. - Single LUN Icon Utility for VID 058F PID 6366.) - (1.1.0.38) = C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe
584 | [Owner : Comp |Parent : 1532] - (.Intel Corporation - IAStorIcon.) - (10.0.0.1046) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
1196 | [Owner : Comp |Parent : 1532] - (.Citrix Systems, Inc. - Citrix Connection Center.) - (14.4.0.8014) = C:\Program Files\Citrix\ICA Client\concentr.exe
1288 | [Owner : Comp |Parent : 1532] - (.Citrix Systems, Inc. - Citrix FTA, URL Redirector.) - (14.4.0.8014) = C:\Program Files\Citrix\ICA Client\redirector.exe
1020 | [Owner : SYSTEM |Parent : 516] - (.Realtek Semiconductor Corp. - Realtek RtlService Application.) - (700.1007.509.2012) = C:\Program Files\REALTEK\USB Wireless LAN Utility\RtlService.exe
2116 | [Owner : SYSTEM |Parent : 516] - (.Microsoft Corporation - SQL Server VSS Writer.) - (2007.100.1600.22) = C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2248 | [Owner : Comp |Parent : 1196] - (.Citrix Systems, Inc. - Citrix Receiver Application.) - (4.4.0.65534) = C:\Program Files\Citrix\ICA Client\Receiver\Receiver.exe
2256 | [Owner : SYSTEM |Parent : 1020] - (.Realtek Semiconductor Corp. - RtWLan.) - (700.1660.1129.2012) = C:\Program Files\REALTEK\USB Wireless LAN Utility\RtWLan.exe
2324 | [Owner : Comp |Parent : 1532] - (. - .) - (0.0.0.0) = C:\Users\Comp\AppData\Local\MiPhoneManager\main\MiPhoneHelper.exe
2512 | [Owner : Comp |Parent : 2248] - (.Citrix Systems, Inc. - Citrix Receiver.) - (4.4.0.11833) = C:\Program Files\Citrix\ICA Client\SelfServicePlugin\SelfServicePlugin.exe
2548 | [Owner : Comp |Parent : 2536] - (.Nico Mak Computing - File Association Helper.) - (2.0.62.40300) = C:\Program Files\WinZip\FAHWindow32.exe
2700 | [Owner : Comp |Parent : 1532] - (.Nico Mak Computing - WinZip Update Notifier.) - (1.0.0.0) = C:\Program Files\WinZip\WZUpdateNotifier.exe
2792 | [Owner : Comp |Parent : 640] - (.Citrix Systems, Inc. - Citrix Connection Manager.) - (14.4.0.8014) = C:\Program Files\Citrix\ICA Client\wfcrun32.exe
2816 | [Owner : Comp |Parent : 1532] - (.WinZip Computing, S.L. - WinZip Preloader.) - (20.0.11661.0) = C:\Program Files\WinZip\WzPreloader.exe
2868 | [Owner : Comp |Parent : 1532] - (.WinZip Computing, S.L. - WinZip Quick Pick.) - (2.5.11661.0) = C:\Program Files\WinZip\WZQKPICK32.EXE
3760 | [Owner : SYSTEM |Parent : 516] - (.Microsoft Corporation - Microsoft Windows Search Indexer.) - (7.0.7600.16385) = C:\Windows\System32\SearchIndexer.exe
4900 | [Owner : Comp |Parent : 1532] - (.Microsoft Corporation - Notepad.) - (6.1.7600.16385) = C:\Windows\System32\notepad.exe
5664 | [Owner : SYSTEM |Parent : 516] - (.Intel Corporation - IAStorDataSvc.) - (10.0.0.1046) = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
5780 | [Owner : NETWORK SERVICE |Parent : 516] - (.Microsoft Corporation - Windows Media Player Network Sharing Service.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe
4416 | [Owner : Comp |Parent : 1532] - (.Google Inc. - Google Chrome.) - (49.0.2623.108) = C:\Program Files\Google\Chrome\Application\chrome.exe
3740 | [Owner : Comp |Parent : 4416] - (.Google Inc. - Google Chrome.) - (49.0.2623.108) = C:\Program Files\Google\Chrome\Application\chrome.exe
4556 | [Owner : Comp |Parent : 4416] - (.Google Inc. - Google Chrome.) - (49.0.2623.108) = C:\Program Files\Google\Chrome\Application\chrome.exe
5796 | [Owner : Comp |Parent : 4416] - (.Google Inc. - Google Chrome.) - (49.0.2623.108) = C:\Program Files\Google\Chrome\Application\chrome.exe
4020 | [Owner : Comp |Parent : 4416] - (.Google Inc. - Google Chrome.) - (49.0.2623.108) = C:\Program Files\Google\Chrome\Application\chrome.exe
5132 | [Owner : Comp |Parent : 4416] - (.Google Inc. - Google Chrome.) - (49.0.2623.108) = C:\Program Files\Google\Chrome\Application\chrome.exe
5004 | [Owner : Comp |Parent : 640] - (.Citrix Systems, Inc. - Citrix Authentication Manager.) - (8.0.0.23483) = C:\Program Files\Citrix\AuthManager\AuthManSvr.exe
1312 | [Owner : SYSTEM |Parent : 952] - (.Microsoft Corporation - Windows Wireless LAN 802.11 Extensibility Framework.) - (6.1.7600.16385) = C:\Windows\System32\wlanext.exe
5492 | [Owner : Comp |Parent : 4416] - (.Google Inc. - Google Chrome.) - (49.0.2623.108) = C:\Program Files\Google\Chrome\Application\chrome.exe
4840 | [Owner : Comp |Parent : 4416] - (.Google Inc. - Google Chrome.) - (49.0.2623.108) = C:\Program Files\Google\Chrome\Application\chrome.exe

¤¤¤¤¤¤¤¤¤¤ # Winlogon user

¤¤¤¤¤¤¤¤¤¤ # Winlogon machine

¤¤¤¤¤¤¤¤¤¤ # SafeBoot
Safeboot Keys are O.K
Alternate shell is OK !
Safeboot Minimal Subkeys : O.K !
Safeboot Network Subkeys : O.K !

¤¤¤¤¤¤¤¤¤¤ # IFEO

¤¤¤¤¤¤¤¤¤¤ # Mountpoints2

¤¤¤¤¤¤¤¤¤¤ # Windows
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]~[Shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
[HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]~[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

¤¤¤¤¤¤¤¤¤¤ # Security center

¤¤¤¤¤¤¤¤¤¤ # Services
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\srService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NVSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\NIHardwareService]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\agp440]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\ERSvc]~[Start] : -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\EapHost]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\windefend]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\winmgmt]~[Start] : 3 -> 2
Repaired
: [HKLM\SYSTEM\CurrentControlSet\Services\WerSvc]~[Start] : 3 -> 2
Repaired : [HKLM\SYSTEM\CurrentControlSet\Services\Wwansvc]~[Start] : 2 -> 3

¤¤¤¤¤¤¤¤¤¤ # Internet Explorer

¤¤¤¤¤¤¤¤¤¤ # reparsepoint

¤¤¤¤¤¤¤¤¤¤ # Offsets

¤¤¤¤¤¤¤¤¤¤ # Files | Folders | Registry
Moved to quarantine successfully : C:\Users\Comp\AppData\Roaming\agent.dat
Moved to quarantine successfully : C:\Users\Comp\AppData\Roaming\Installer.dat
Moved to quarantine successfully : C:\Users\Comp\AppData\Roaming\lobby.dat
Moved to quarantine successfully : C:\Users\Comp\AppData\Roaming\Main.dat
Moved to quarantine successfully : C:\Users\Comp\AppData\Roaming\noah.dat
Moved to quarantine successfully : C:\Users\Comp\AppData\Roaming\GoodPlus.exe
Moved to quarantine successfully : C:\Users\Comp\AppData\Roaming\Sanlax.exe
Moved to quarantine successfully : C:\Users\Comp\AppData\Roaming\Sum-Hold.exe
Moved to quarantine successfully : C:\Users\Comp\AppData\Roaming\Vilacandax.exe
Moved to quarantine successfully : C:\Users\Comp\AppData\Local\Nico Mak Computing
Moved to quarantine successfully : D:\CTX.DAT
Moved to quarantine successfully : C:\Users\Comp\AppData\Roaming\Netpus

¤¤¤¤¤¤¤¤¤¤ # ADS
Prefetch -> cleaned
D:\ : Vaccinated (Vaccin created by Pre_Scan)

¤¤¤¤¤¤¤¤¤¤ | Hidden files
~ [Drive D:] : Hidden : 190 | Restored : 190
~ [Drive C:] : Hidden : 1 | Restored : 1
~ [Program Files] : Hidden : 4 | Restored : 4
~ [Users] : Hidden : 2 | Restored : 2
~ [Documents] : Hidden : 4 | Restored : 4
~ [Desktop] : Hidden : 11 | Restored : 11
~
[Searches] : Hidden : 2 | Restored : 2
~ [Windows] : Hidden : 124 | Restored : 124
~ [AppData] : Hidden : 13 | Restored : 13

¤¤¤¤¤¤¤¤¤¤ # Drives
Disk: 0 Size=305G
Pos MBRndx Type/Name  Size Active Hide Start Sector      Sectors
--- ------ ---------- ---- ------ ---- ------------ ------------
  0      0 07-NTFS    100M Yes    No          2,048      204,800
  1      1 07-NTFS     75G No     No        206,848  153,395,200
  2      2 07-NTFS    230G No     No    153,602,048  471,537,664

¤¤¤¤¤¤¤¤¤¤
Repaired : [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]~[AutoRestartShell] : 0 -> 1

End : 19:47:49
¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤